From ffc8a034c9d47006c3621ec2f201f16748318817 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Tue, 8 Nov 2022 22:10:21 +0530 Subject: [PATCH 01/11] Update windows-10-subscription-activation.md added a note about excluding the Universal Store Service APIs and Web Application in the device compliance policy reference - https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-compliant-device Per issue#https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10972 --- windows/deployment/windows-10-subscription-activation.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 29d62e08fa..81e56f7074 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -40,6 +40,9 @@ This article covers the following information: For more information on how to deploy Enterprise licenses, see [Deploy Windows Enterprise licenses](deploy-enterprise-licenses.md). +> [!NOTE] +> Organizations that use the [Subscription Activation](/windows/deployment/windows-10-subscription-activation) feature to enable users to “step-up” from one version of Windows to another, may want to exclude the Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f from their device compliance policy. + ## Subscription activation for Enterprise Windows Enterprise E3 and E5 are available as online services via subscription. You can deploy Windows Enterprise in your organization without keys and reboots. From b64fa615d60109386c36adaf8f33215a3b37af8c Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Wed, 9 Nov 2022 11:20:05 +0530 Subject: [PATCH 02/11] Update windows/deployment/windows-10-subscription-activation.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/windows-10-subscription-activation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 81e56f7074..cf64d2e2d1 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -41,7 +41,7 @@ This article covers the following information: For more information on how to deploy Enterprise licenses, see [Deploy Windows Enterprise licenses](deploy-enterprise-licenses.md). > [!NOTE] -> Organizations that use the [Subscription Activation](/windows/deployment/windows-10-subscription-activation) feature to enable users to “step-up” from one version of Windows to another, may want to exclude the Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f from their device compliance policy. +> Organizations that use the [Subscription Activation](/windows/deployment/windows-10-subscription-activation) feature to enable users to upgrade from one version of Windows to another might want to exclude the Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f, from their device compliance policy. ## Subscription activation for Enterprise From 09213a6681c7984a654209562f1d032a19066337 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Tue, 13 Dec 2022 15:50:42 -0500 Subject: [PATCH 03/11] PDE Updates Post Release --- .../configure-pde-in-intune.md | 218 ++++++++++++++---- .../personal-data-encryption/faq-pde.yml | 45 ++-- .../includes/pde-description.md | 11 +- .../personal-data-encryption/overview-pde.md | 182 ++++++++++----- 4 files changed, 340 insertions(+), 116 deletions(-) diff --git a/windows/security/information-protection/personal-data-encryption/configure-pde-in-intune.md b/windows/security/information-protection/personal-data-encryption/configure-pde-in-intune.md index 8153b55d0a..0aed4ad1d1 100644 --- a/windows/security/information-protection/personal-data-encryption/configure-pde-in-intune.md +++ b/windows/security/information-protection/personal-data-encryption/configure-pde-in-intune.md @@ -3,16 +3,17 @@ title: Configure Personal Data Encryption (PDE) in Intune description: Configuring and enabling Personal Data Encryption (PDE) required and recommended policies in Intune author: frankroj ms.author: frankroj -ms.reviewer: rafals +ms.reviewer: rhonnegowda manager: aaroncz ms.topic: how-to ms.prod: windows-client ms.technology: itpro-security ms.localizationpriority: medium -ms.date: 09/22/2022 +ms.date: 12/13/2022 --- + # Configure Personal Data Encryption (PDE) policies in Intune @@ -20,104 +21,243 @@ ms.date: 09/22/2022 ### Enable Personal Data Encryption (PDE) -1. Sign into the Intune +1. Sign into [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). + 2. Navigate to **Devices** > **Configuration Profiles** + 3. Select **Create profile** + 4. Under **Platform**, select **Windows 10 and later** + 5. Under **Profile type**, select **Templates** + 6. Under **Template name**, select **Custom**, and then select **Create** -7. On the ****Basics** tab: + +7. In **Basics**: + 1. Next to **Name**, enter **Personal Data Encryption** - 2. Next to **Description**, enter a description + 2. Next to **Description**, enter a description + 8. Select **Next** -9. On the **Configuration settings** tab, select **Add** -10. In the **Add Row** window: + +9. In **Configuration settings**, select **Add** + +10. In **Add Row**: + 1. Next to **Name**, enter **Personal Data Encryption** 2. Next to **Description**, enter a description 3. Next to **OMA-URI**, enter in **./User/Vendor/MSFT/PDE/EnablePersonalDataEncryption** 4. Next to **Data type**, select **Integer** 5. Next to **Value**, enter in **1** + 11. Select **Save**, and then select **Next** -12. On the **Assignments** tab: + +12. In **Assignments**: + 1. Under **Included groups**, select **Add groups** 2. Select the groups that the PDE policy should be deployed to 3. Select **Select** 4. Select **Next** -13. On the **Applicability Rules** tab, configure if necessary and then select **Next** -14. On the **Review + create** tab, review the configuration to make sure everything is configured correctly, and then select **Create** -#### Disable Winlogon automatic restart sign-on (ARSO) +13. In **Applicability Rules**, configure if necessary and then select **Next** + +14. In **Review + create**, review the configuration to make sure everything is configured correctly, and then select **Create** + +### Disable Winlogon automatic restart sign-on (ARSO) + +1. Sign into [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -1. Sign into the Intune 2. Navigate to **Devices** > **Configuration Profiles** + 3. Select **Create profile** + 4. Under **Platform**, select **Windows 10 and later** + 5. Under **Profile type**, select **Templates** + 6. Under **Template name**, select **Administrative templates**, and then select **Create** -7. On the ****Basics** tab: + +7. In **Basics**: + 1. Next to **Name**, enter **Disable ARSO** 2. Next to **Description**, enter a description + 8. Select **Next** -9. On the **Configuration settings** tab, under **Computer Configuration**, navigate to **Windows Components** > **Windows Logon Options** + +9. In **Configuration settings**, under **Computer Configuration**, navigate to **Windows Components** > **Windows Logon Options** + 10. Select **Sign-in and lock last interactive user automatically after a restart** + 11. In the **Sign-in and lock last interactive user automatically after a restart** window that opens, select **Disabled**, and then select **OK** + 12. Select **Next** -13. On the **Scope tags** tab, configure if necessary and then select **Next** -12. On the **Assignments** tab: + +13. In **Scope tags**, configure if necessary and then select **Next** + +14. In **Assignments**: + 1. Under **Included groups**, select **Add groups** 2. Select the groups that the ARSO policy should be deployed to 3. Select **Select** 4. Select **Next** -13. On the **Review + create** tab, review the configuration to make sure everything is configured correctly, and then select **Create** -## Recommended prerequisites +15. In **Review + create**, review the configuration to make sure everything is configured correctly, and then select **Create** -#### Disable crash dumps +## Security hardening recommendations + +### Disable kernel-mode crash dumps and live dumps + +1. Sign into [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -1. Sign into the Intune 2. Navigate to **Devices** > **Configuration Profiles** + 3. Select **Create profile** + 4. Under **Platform**, select **Windows 10 and later** + 5. Under **Profile type**, select **Settings catalog**, and then select **Create** -6. On the ****Basics** tab: - 1. Next to **Name**, enter **Disable Hibernation** + +6. In **Basics**: + + 1. Next to **Name**, enter **Disable Kernel-Mode Crash Dumps** 2. Next to **Description**, enter a description + 7. Select **Next** -8. On the **Configuration settings** tab, select **Add settings** -9. In the **Settings picker** windows, select **Memory Dump** -10. When the settings appear in the lower pane, under **Setting name**, select both **Allow Crash Dump** and **Allow Live Dump**, and then select the **X** in the top right corner of the **Settings picker** window to close the window + +8. In **Configuration settings**, select **Add settings** + +9. In the **Settings picker** window, under **Browse by category**, select **Memory Dump** + +10. When the settings appear under **Setting name**, select both **Allow Crash Dump** and **Allow Live Dump**, and then select the **X** in the top right corner of the **Settings picker** window to close the window + 11. Change both **Allow Live Dump** and **Allow Crash Dump** to **Block**, and then select **Next** -12. On the **Scope tags** tab, configure if necessary and then select **Next** -13. On the **Assignments** tab: + +12. In **Scope tags**, configure if necessary and then select **Next** + +13. In **Assignments**: + 1. Under **Included groups**, select **Add groups** - 2. Select the groups that the crash dumps policy should be deployed to + 2. Select the groups that the disable crash dumps policy should be deployed to 3. Select **Select** 4. Select **Next** -14. On the **Review + create** tab, review the configuration to make sure everything is configured correctly, and then select **Create** -#### Disable hibernation +14. In **Review + create**, review the configuration to make sure everything is configured correctly, and then select **Create** + +### Disable Windows Error Reporting (WER)/Disable user-mode crash dumps + +1. Sign into [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -1. Sign into the Intune 2. Navigate to **Devices** > **Configuration Profiles** + 3. Select **Create profile** + 4. Under **Platform**, select **Windows 10 and later** + 5. Under **Profile type**, select **Settings catalog**, and then select **Create** -6. On the ****Basics** tab: + +6. In **Basics**: + + 1. Next to **Name**, enter **Disable Windows Error Reporting (WER)** + 2. Next to **Description**, enter a description + +7. Select **Next** + +8. In **Configuration settings**, select **Add settings** + +9. In the **Settings picker** window, under **Browse by category**, expand to **Administrative Templates** > **Windows Components**, and then select **Windows Error Reporting** + +10. When the settings appear under **Setting name**, select **Disable Windows Error Reporting**, and then select the **X** in the top right corner of the **Settings picker** window to close the window + +11. Change **Disable Windows Error Reporting** to **Enabled**, and then select **Next** + +12. In **Scope tags**, configure if necessary and then select **Next** + +13. In **Assignments**: + + 1. Under **Included groups**, select **Add groups** + 2. Select the groups that the disable WER dumps policy should be deployed to + 3. Select **Select** + 4. Select **Next** + +14. In **Review + create**, review the configuration to make sure everything is configured correctly, and then select **Create** + +### Disable hibernation + +1. Sign into [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). + +2. Navigate to **Devices** > **Configuration Profiles** + +3. Select **Create profile** + +4. Under **Platform**, select **Windows 10 and later** + +5. Under **Profile type**, select **Settings catalog**, and then select **Create** + +6. In **Basics**: + 1. Next to **Name**, enter **Disable Hibernation** 2. Next to **Description**, enter a description + 7. Select **Next** -8. On the **Configuration settings** tab, select **Add settings** -9. In the **Settings picker** windows, select **Power** -10. When the settings appear in the lower pane, under **Setting name**, select **Allow Hibernate**, and then select the **X** in the top right corner of the **Settings picker** window to close the window + +8. In **Configuration settings**, select **Add settings** + +9. In the **Settings picker** window, under **Browse by category**, select **Power** + +10. When the settings appear under **Setting name**, select **Allow Hibernate**, and then select the **X** in the top right corner of the **Settings picker** window to close the window + 11. Change **Allow Hibernate** to **Block**, and then select **Next** -12. On the **Scope tags** tab, configure if necessary and then select **Next** -13. On the **Assignments** tab: + +12. In **Scope tags**, configure if necessary and then select **Next** + +13. In **Assignments**: + 1. Under **Included groups**, select **Add groups** - 2. Select the groups that the hibernation policy should be deployed to + 2. Select the groups that the disable hibernation policy should be deployed to 3. Select **Select** 4. Select **Next** -14. On the **Review + create** tab, review the configuration to make sure everything is configured correctly, and then select **Create** + +14. In **Review + create**, review the configuration to make sure everything is configured correctly, and then select **Create** + +### Disable allowing users to select when a password is required when resuming from connected standby + +1. Sign into [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). + +2. Navigate to **Devices** > **Configuration Profiles** + +3. Select **Create profile** + +4. Under **Platform**, select **Windows 10 and later** + +5. Under **Profile type**, select **Settings catalog**, and then select **Create** + +6. In **Basics**: + + 1. Next to **Name**, enter **Disable allowing users to select when a password is required when resuming from connected standby** + 2. Next to **Description**, enter a description + +7. Select **Next** + +8. In **Configuration settings**, select **Add settings** + +9. In the **Settings picker** window, under **Browse by category**, expand to **Administrative Templates** > **System**, and then select **Logon** + +10. When the settings appear under **Setting name**, select **Allow users to select when a password is required when resuming from connected standby**, and then select the **X** in the top right corner of the **Settings picker** window to close the window + +11. Make sure that **Allow users to select when a password is required when resuming from connected standby** is left at the default of **Disabled**, and then select **Next** + +12. In **Scope tags**, configure if necessary and then select **Next** + +13. In **Assignments**: + + 1. Under **Included groups**, select **Add groups** + 2. Select the groups that the disable Allow users to select when a password is required when resuming from connected standby policy should be deployed to + 3. Select **Select** + 4. Select **Next** + +14. In **Review + create**, review the configuration to make sure everything is configured correctly, and then select **Create** ## See also + - [Personal Data Encryption (PDE)](overview-pde.md) - [Personal Data Encryption (PDE) FAQ](faq-pde.yml) diff --git a/windows/security/information-protection/personal-data-encryption/faq-pde.yml b/windows/security/information-protection/personal-data-encryption/faq-pde.yml index d9a2dbaff7..d74e51bd3b 100644 --- a/windows/security/information-protection/personal-data-encryption/faq-pde.yml +++ b/windows/security/information-protection/personal-data-encryption/faq-pde.yml @@ -5,13 +5,16 @@ metadata: description: Answers to common questions regarding Personal Data Encryption (PDE). author: frankroj ms.author: frankroj - ms.reviewer: rafals + ms.reviewer: rhonnegowda manager: aaroncz ms.topic: faq ms.prod: windows-client ms.technology: itpro-security ms.localizationpriority: medium - ms.date: 09/22/2022 + ms.date: 12/13/2022 + +# Max 5963468 OS 32516487 +# Max 6946251 title: Frequently asked questions for Personal Data Encryption (PDE) summary: | @@ -28,47 +31,51 @@ sections: answer: | No. It's still recommended to encrypt all volumes with BitLocker Drive Encryption for increased security. - - question: Can an IT admin specify which files should be encrypted? + - question: How are files protected by PDE selected? answer: | - Yes, but it can only be done using the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). + [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager) are used to select which files are protected using PDE. - - question: Do I need to use OneDrive as my backup provider? + - question: Do I need to use OneDrive in Microsoft 365 as my backup provider? answer: | - No. PDE doesn't have a requirement for a backup provider including OneDrive. However, backups are strongly recommended in case the keys used by PDE to decrypt files are lost. OneDrive is a recommended backup provider. + No. PDE doesn't have a requirement for a backup provider, including OneDrive in Microsoft 365. However, backups are recommended in case the keys used by PDE to protect files are lost. OneDrive in Microsoft 365 is a recommended backup provider. - question: What is the relation between Windows Hello for Business and PDE? answer: | - During user sign-on, Windows Hello for Business unlocks the keys that PDE uses to decrypt files. + During user sign-on, Windows Hello for Business unlocks the keys that PDE uses to protect files. - - question: Can a file be encrypted with both PDE and EFS at the same time? + - question: Can a file be protected with both PDE and EFS at the same time? answer: | No. PDE and EFS are mutually exclusive. - - question: Can PDE encrypted files be accessed after signing on via a Remote Desktop connection (RDP)? + - question: Can PDE protected files be accessed after signing on via a Remote Desktop connection (RDP)? answer: | - No. Accessing PDE encrypted files over RDP isn't currently supported. + No. Accessing PDE protected files over RDP isn't currently supported. - - question: Can PDE encrypted files be access via a network share? + - question: Can PDE protected files be accessed via a network share? answer: | - No. PDE encrypted files can only be accessed after signing on locally to Windows with Windows Hello for Business credentials. + No. PDE protected files can only be accessed after signing on locally to Windows with Windows Hello for Business credentials. - - question: How can it be determined if a file is encrypted with PDE? + - question: How can it be determined if a file is protected with PDE? answer: | - Encrypted files will show a padlock on the file's icon. Additionally, `cipher.exe` can be used to show the encryption state of the file. + - Files protected with PDE and EFS will both show a padlock on the file's icon. To verify whether a file is protected with PDE vs. EFS: + 1. In the properties of the file, navigate to **General** > **Advanced**. The option **Encrypt contents to secure data** should be selected. + 2. Select the **Details** button. + 3. If the file is protected with PDE, under **Protection status:**, the item **Personal Data Encryption is:** will be marked as **On**. + - [`cipher.exe`](/windows-server/administration/windows-commands/cipher) can also be used to show the encryption state of the file. - question: Can users manually encrypt and decrypt files with PDE? answer: | - Currently users can decrypt files manually but they can't encrypt files manually. + Currently users can decrypt files manually but they can't encrypt files manually. For information on how a user can manually decrypt a file, see the section **Disable PDE and decrypt files** in [Personal Data Encryption (PDE)](overview-pde.md). - - question: If a user signs into Windows with a password instead of Windows Hello for Business, will they be able to access their PDE encrypted files? + - question: If a user signs into Windows with a password instead of Windows Hello for Business, will they be able to access their PDE protected files? answer: | - No. The keys used by PDE to decrypt files are protected by Windows Hello for Business credentials and will only be unlocked when signing on with Windows Hello for Business PIN or biometrics. + No. The keys used by PDE to protect files are protected by Windows Hello for Business credentials and will only be unlocked when signing on with Windows Hello for Business PIN or biometrics. - question: What encryption method and strength does PDE use? answer: | - PDE uses AES-CBC with a 256-bit key to encrypt files + PDE uses AES-CBC with a 256-bit key to encrypt files. additionalContent: | ## See also - [Personal Data Encryption (PDE)](overview-pde.md) - - [Configure Personal Data Encryption (PDE) polices in Intune](configure-pde-in-intune.md) + - [Configure Personal Data Encryption (PDE) polices in Intune](configure-pde-in-intune.md) \ No newline at end of file diff --git a/windows/security/information-protection/personal-data-encryption/includes/pde-description.md b/windows/security/information-protection/personal-data-encryption/includes/pde-description.md index 7ca7334657..89e73c2933 100644 --- a/windows/security/information-protection/personal-data-encryption/includes/pde-description.md +++ b/windows/security/information-protection/personal-data-encryption/includes/pde-description.md @@ -4,24 +4,25 @@ description: Personal Data Encryption (PDE) description include file author: frankroj ms.author: frankroj -ms.reviewer: rafals +ms.reviewer: rhonnegowda manager: aaroncz ms.topic: how-to ms.prod: windows-client ms.technology: itpro-security ms.localizationpriority: medium -ms.date: 09/22/2022 +ms.date: 12/13/2022 --- + Personal data encryption (PDE) is a security feature introduced in Windows 11, version 22H2 that provides additional encryption features to Windows. PDE differs from BitLocker in that it encrypts individual files instead of whole volumes and disks. PDE occurs in addition to other encryption methods such as BitLocker. PDE utilizes Windows Hello for Business to link data encryption keys with user credentials. This feature can minimize the number of credentials the user has to remember to gain access to files. For example, when using BitLocker with PIN, a user would need to authenticate twice - once with the BitLocker PIN and a second time with Windows credentials. This requirement requires users to remember two different credentials. With PDE, users only need to enter one set of credentials via Windows Hello for Business. -PDE is also accessibility friendly. For example, The BitLocker PIN entry screen doesn't have accessibility options. PDE however uses Windows Hello for Business, which does have accessibility features. +Because PDE utilizes Windows Hello for Business, PDE is also accessibility friendly due to the accessibility features available when using Windows Hello for Business. -Unlike BitLocker that releases data encryption keys at boot, PDE doesn't release data encryption keys until a user signs in using Windows Hello for Business. Users will only be able to access their PDE encrypted files once they've signed into Windows using Windows Hello for Business. Additionally, PDE has the ability to also discard the encryption keys when the device is locked. +Unlike BitLocker that releases data encryption keys at boot, PDE doesn't release data encryption keys until a user signs in using Windows Hello for Business. Users will only be able to access their PDE protected files once they've signed into Windows using Windows Hello for Business. Additionally, PDE has the ability to also discard the encryption keys when the device is locked. > [!NOTE] -> PDE is currently only available to developers via [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). There is no user interface in Windows to either enable PDE or encrypt files via PDE. Also, although there is an MDM policy that can enable PDE, there are no MDM policies that can be used to encrypt files via PDE. +> PDE can be enabled using MDM policies. The files to be protected by PDE can be specified using [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). There is no user interface in Windows to either enable PDE or protect files using PDE. diff --git a/windows/security/information-protection/personal-data-encryption/overview-pde.md b/windows/security/information-protection/personal-data-encryption/overview-pde.md index bfb7153548..24bb0237ff 100644 --- a/windows/security/information-protection/personal-data-encryption/overview-pde.md +++ b/windows/security/information-protection/personal-data-encryption/overview-pde.md @@ -3,75 +3,123 @@ title: Personal Data Encryption (PDE) description: Personal Data Encryption unlocks user encrypted files at user sign-in instead of at boot. author: frankroj ms.author: frankroj -ms.reviewer: rafals +ms.reviewer: rhonnegowda manager: aaroncz ms.topic: how-to ms.prod: windows-client ms.technology: itpro-security ms.localizationpriority: medium -ms.date: 09/22/2022 +ms.date: 12/13/2022 --- + # Personal Data Encryption (PDE) -(*Applies to: Windows 11, version 22H2 and later Enterprise and Education editions*) +**Applies to:** + +- Windows 11, version 22H2 and later Enterprise and Education editions [!INCLUDE [Personal Data Encryption (PDE) description](includes/pde-description.md)] ## Prerequisites -### **Required** - - [Azure AD joined device](/azure/active-directory/devices/concept-azure-ad-join) - - [Windows Hello for Business](../../identity-protection/hello-for-business/hello-overview.md) - - Windows 11, version 22H2 and later Enterprise and Education editions +### Required -### **Not supported with PDE** - - [FIDO/security key authentication](../../identity-protection/hello-for-business/microsoft-compatible-security-key.md) - - [Winlogon automatic restart sign-on (ARSO)](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-) - - For information on disabling ARSO via Intune, see [Disable Winlogon automatic restart sign-on (ARSO)](configure-pde-in-intune.md#disable-winlogon-automatic-restart-sign-on-arso)). - - [Windows Information Protection (WIP)](../windows-information-protection/protect-enterprise-data-using-wip.md) - - [Hybrid Azure AD joined devices](/azure/active-directory/devices/concept-azure-ad-join-hybrid) - - Remote Desktop connections +- [Azure AD joined device](/azure/active-directory/devices/concept-azure-ad-join) +- [Windows Hello for Business](../../identity-protection/hello-for-business/hello-overview.md) +- Windows 11, version 22H2 and later Enterprise and Education editions -### **Highly recommended** - - [BitLocker Drive Encryption](../bitlocker/bitlocker-overview.md) enabled - - Although PDE will work without BitLocker, it's recommended to also enable BitLocker. PDE is meant to supplement BitLocker and not replace it. - - Backup solution such as [OneDrive](/onedrive/onedrive) - - In certain scenarios such as TPM resets or destructive PIN resets, the keys used by PDE to decrypt files can be lost. In such scenarios, any file encrypted with PDE will no longer be accessible. The only way to recover such files would be from backup. - - [Windows Hello for Business PIN reset service](../../identity-protection/hello-for-business/hello-feature-pin-reset.md) - - Destructive PIN resets will cause keys used by PDE to decrypt files to be lost. The destructive PIN reset will make any file encrypted with PDE no longer accessible after a destructive PIN reset. Files encrypted with PDE will need to be recovered from a backup after a destructive PIN reset. For this reason Windows Hello for Business PIN reset service is recommended since it provides non-destructive PIN resets. - - [Windows Hello Enhanced Sign-in Security](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security) - - Provides additional security when authenticating with Windows Hello for Business via biometrics or PIN - - [Kernel and user mode crash dumps disabled](/windows/client-management/mdm/policy-csp-memorydump) - - Crash dumps can potentially cause the keys used by PDE decrypt files to be exposed. For greatest security, disable kernel and user mode crash dumps. For information on disabling crash dumbs via Intune, see [Disable crash dumps](configure-pde-in-intune.md#disable-crash-dumps). - - [Hibernation disabled](/windows/client-management/mdm/policy-csp-power#power-allowhibernate) - - Hibernation files can potentially cause the keys used by PDE to decrypt files to be exposed. For greatest security, disable hibernation. For information on disabling crash dumbs via Intune, see [Disable hibernation](configure-pde-in-intune.md#disable-hibernation). +### Not supported with PDE + +- [FIDO/security key authentication](../../identity-protection/hello-for-business/microsoft-compatible-security-key.md) +- [Winlogon automatic restart sign-on (ARSO)](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-) + - For information on disabling ARSO via Intune, see [Disable Winlogon automatic restart sign-on (ARSO)](configure-pde-in-intune.md#disable-winlogon-automatic-restart-sign-on-arso)). +- [Windows Information Protection (WIP)](../windows-information-protection/protect-enterprise-data-using-wip.md) +- [Hybrid Azure AD joined devices](/azure/active-directory/devices/concept-azure-ad-join-hybrid) +- Remote Desktop connections + +### Security hardening recommendations + +- [Kernel-mode crash dumps and live dumps disabled](/windows/client-management/mdm/policy-csp-memorydump#memorydump-policies) + + Kernel-mode crash dumps and live dumps can potentially cause the keys used by PDE to protect files to be exposed. For greatest security, disable kernel-mode crash dumps and live dumps. For information on disabling crash dumps and live dumps via Intune, see [Disable kernel-mode crash dumps and live dumps](configure-pde-in-intune.md#disable-kernel-mode-crash-dumps-and-live-dumps). + +- [Windows Error Reporting (WER) disabled/User-mode crash dumps disabled](/windows/client-management/mdm/policy-csp-errorreporting#errorreporting-disablewindowserrorreporting) + + Disabling Windows Error Reporting prevents user-mode crash dumps. User-mode crash dumps can potentially cause the keys used by PDE to protect files to be exposed. For greatest security, disable user-mode crash dumps. For information on disabling crash dumbs via Intune, see [Disable Windows Error Reporting (WER)/Disable user-mode crash dumps](configure-pde-in-intune.md#disable-windows-error-reporting-werdisable-user-mode-crash-dumps). + +- [Hibernation disabled](/windows/client-management/mdm/policy-csp-power#power-allowhibernate) + + Hibernation files can potentially cause the keys used by PDE to protect files to be exposed. For greatest security, disable hibernation. For information on disabling crash dumbs via Intune, see [Disable hibernation](configure-pde-in-intune.md#disable-hibernation). + +- [Allowing users to select when a password is required when resuming from connected standby disabled](/windows/client-management/mdm/policy-csp-admx-credentialproviders#admx-credentialproviders-allowdomaindelaylock) + + When this policy isn't configured, the outcome between on-premises Active Directory joined devices and workgroup devices, including native Azure Active Directory joined devices, is different: + + - On-premises Active Directory joined devices: + + - A user can't change the amount of time after the device´s screen turns off before a password is required when waking the device. + + - A password is required immediately after the screen turns off. + + The above is the desired outcome, but PDE isn't supported with on-premises Active Directory joined devices. + + - Workgroup devices, including native Azure AD joined devices: + + - A user on a Connected Standby device can change the amount of time after the device´s screen turns off before a password is required to wake the device. + + - During the time when the screen turns off but a password isn't required, the keys used by PDE to protect files could potentially be exposed. This outcome isn't a desired outcome. + + Because of this undesired outcome, it's recommended to explicitly disable this policy on native Azure AD joined devices instead of leaving it at the default of not configured. + + For information on disabling this policy via Intune, see [Disable allowing users to select when a password is required when resuming from connected standby](configure-pde-in-intune.md#disable-allowing-users-to-select-when-a-password-is-required-when-resuming-from-connected-standby). + +### Highly recommended + +- [BitLocker Drive Encryption](../bitlocker/bitlocker-overview.md) enabled + + Although PDE will work without BitLocker, it's recommended to also enable BitLocker. PDE is meant to work alongside BitLocker for increased security. PDE isn't a replacement for BitLocker. + +- Backup solution such as [OneDrive in Microsoft 365](/sharepoint/onedrive-overview) + + In certain scenarios such as TPM resets or destructive PIN resets, the keys used by PDE to protect files will be lost. In such scenarios, any file protected with PDE will no longer be accessible. The only way to recover such files would be from backup. + +- [Windows Hello for Business PIN reset service](../../identity-protection/hello-for-business/hello-feature-pin-reset.md) + + Destructive PIN resets will cause keys used by PDE to protect files to be lost. The destructive PIN reset will make any file protected with PDE no longer accessible after a destructive PIN reset. Files protected with PDE will need to be recovered from a backup after a destructive PIN reset. For this reason Windows Hello for Business PIN reset service is recommended since it provides non-destructive PIN resets. + +- [Windows Hello Enhanced Sign-in Security](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security) + + Provides additional security when authenticating with Windows Hello for Business via biometrics or PIN ## PDE protection levels -PDE uses AES-CBC with a 256-bit key to encrypt files and offers two levels of protection. The level of protection is determined based on the organizational needs. These levels can be set via the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). +PDE uses AES-CBC with a 256-bit key to protect files and offers two levels of protection. The level of protection is determined based on the organizational needs. These levels can be set via the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). | Item | Level 1 | Level 2 | |---|---|---| -| Data is accessible when user is signed in | Yes | Yes | -| Data is accessible when user has locked their device | Yes | No | -| Data is accessible after user signs out | No | No | -| Data is accessible when device is shut down | No | No | -| Decryption keys discarded | After user signs out | After user locks device or signs out | +| PDE protected data accessible when user has signed in via Windows Hello for Business | Yes | Yes | +| PDE protected data is accessible at Windows lock screen | Yes | Data is accessible for one minute after lock, then it's no longer available | +| PDE protected data is accessible after user signs out of Windows | No | No | +| PDE protected data is accessible when device is shut down | No | No | +| PDE protected data is accessible via UNC paths | No | No | +| PDE protected data is accessible when signing with Windows password instead of Windows Hello for Business | No | No | +| PDE protected data is accessible via Remote Desktop session | No | No | +| Decryption keys used by PDE discarded | After user signs out of Windows | One minute after Windows lock screen is engaged or after user signs out of Windows | -## PDE encrypted files accessibility +## PDE protected files accessibility -When a file is encrypted with PDE, its icon will show a padlock. If the user hasn't signed in locally with Windows Hello for Business or an unauthorized user attempts to access a PDE encrypted file, they'll be denied access to the file. +When a file is protected with PDE, its icon will show a padlock. If the user hasn't signed in locally with Windows Hello for Business or an unauthorized user attempts to access a PDE protected file, they'll be denied access to the file. -Scenarios where a user will be denied access to a PDE encrypted file include: +Scenarios where a user will be denied access to a PDE protected file include: - User has signed into Windows via a password instead of signing in with Windows Hello for Business biometric or PIN. -- If specified via level 2 protection, when the device is locked. +- If protected via level 2 protection, when the device is locked. - When trying to access files on the device remotely. For example, UNC network paths. - Remote Desktop sessions. -- Other users on the device who aren't owners of the file, even if they're signed in via Windows Hello for Business and have permissions to navigate to the PDE encrypted files. +- Other users on the device who aren't owners of the file, even if they're signed in via Windows Hello for Business and have permissions to navigate to the PDE protected files. ## How to enable PDE @@ -85,55 +133,83 @@ To enable PDE on devices, push an MDM policy to the devices with the following p There's also a [PDE CSP](/windows/client-management/mdm/personaldataencryption-csp) available for MDM solutions that support it. > [!NOTE] -> Enabling the PDE policy on devices only enables the PDE feature. It does not encrypt any files. To encrypt files, use the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager) to create custom applications and scripts to specify which files to encrypt and at what level to encrypt the files. Additionally, files will not encrypt via the APIs until this policy has been enabled. +> Enabling the PDE policy on devices only enables the PDE feature. It does not protect any files. To protect files via PDE, use the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). The PDE APIs can be used to create custom applications and scripts to specify which files to protect and at what level to protect the files. Additionally, the PDE APIs can't be used to protect files until the PDE policy has been enabled. For information on enabling PDE via Intune, see [Enable Personal Data Encryption (PDE)](configure-pde-in-intune.md#enable-personal-data-encryption-pde). ## Differences between PDE and BitLocker +PDE is meant to work alongside BitLocker. PDE isn't a replacement for BitLocker, nor is BitLocker a replacement for PDE. Using both features together provides better security than using either BitLocker or PDE alone. However there are differences between BitLocker and PDE and how they work. These differences are why using them together offers better security. + | Item | PDE | BitLocker | |--|--|--| -| Release of key | At user sign-in via Windows Hello for Business | At boot | -| Keys discarded | At user sign-out | At reboot | -| Files encrypted | Individual specified files | Entire volume/drive | -| Authentication to access encrypted file | Windows Hello for Business | When BitLocker with PIN is enabled, BitLocker PIN plus Windows sign in | -| Accessibility | Windows Hello for Business is accessibility friendly | BitLocker with PIN doesn't have accessibility features | +| Release of decryption key | At user sign-in via Windows Hello for Business | At boot | +| Decryption keys discarded | When user signs out of Windows or one minute after Windows lock screen is engaged | At reboot | +| Files protected | Individual specified files | Entire volume/drive | +| Authentication to access protected file | Windows Hello for Business | When BitLocker with TPM + PIN is enabled, BitLocker PIN plus Windows sign-in | ## Differences between PDE and EFS -The main difference between encrypting files with PDE instead of EFS is the method they use to encrypt the file. PDE uses Windows Hello for Business to secure the keys to decrypt the files. EFS uses certificates to secure and encrypt the files. +The main difference between protecting files with PDE instead of EFS is the method they use to protect the file. PDE uses Windows Hello for Business to secure the keys that protect the files. EFS uses certificates to secure and protect the files. -To see if a file is encrypted with PDE or EFS: +To see if a file is protected with PDE or with EFS: 1. Open the properties of the file 2. Under the **General** tab, select **Advanced...** 3. In the **Advanced Attributes** windows, select **Details** -For PDE encrypted files, under **Protection status:** there will be an item listed as **Personal Data Encryption is:** and it will have the attribute of **On**. +For PDE protected files, under **Protection status:** there will be an item listed as **Personal Data Encryption is:** and it will have the attribute of **On**. -For EFS encrypted files, under **Users who can access this file:**, there will be a **Certificate thumbprint** next to the users with access to the file. There will also be a section at the bottom labeled **Recovery certificates for this file as defined by recovery policy:**. +For EFS protected files, under **Users who can access this file:**, there will be a **Certificate thumbprint** next to the users with access to the file. There will also be a section at the bottom labeled **Recovery certificates for this file as defined by recovery policy:**. -Encryption information including what encryption method is being used can be obtained with the command line `cipher.exe /c` command. +Encryption information including what encryption method is being used to protect the file can be obtained with the [cipher.exe /c](/windows-server/administration/windows-commands/cipher) command. ## Disable PDE and decrypt files -Currently there's no method to disable PDE via MDM policy. However, in certain scenarios PDE encrypted files can be decrypted using `cipher.exe` using the following steps: +Once PDE is enabled, it isn't recommended to disable it. However if PDE does need to be disabled, it can be done so via the MDM policy described in the section [How to enable PDE](#how-to-enable-pde). The value of the OMA-URI needs to be changed from **`1`** to **`0`** as follows: + +- Name: **Personal Data Encryption** +- OMA-URI: **./User/Vendor/MSFT/PDE/EnablePersonalDataEncryption** +- Data type: **Integer** +- Value: **0** + +Disabling PDE doesn't decrypt any PDE protected files. It only prevents the PDE API from being able to protect any additional files. PDE protected files can be manually decrypted using the following steps: 1. Open the properties of the file 2. Under the **General** tab, select **Advanced...** 3. Uncheck the option **Encrypt contents to secure data** 4. Select **OK**, and then **OK** again -> [!Important] -> Once a user selects to manually decrypt a file, they will not be able to manually encrypt the file again. +PDE protected files can also be decrypted using [cipher.exe](/windows-server/administration/windows-commands/cipher). Using `cipher.exe` can be helpful to decrypt files in the following scenarios: + +- Decrypting a large number of files on a device +- Decrypting files on a large number of devices. + +To decrypt files on a device using `cipher.exe`: + +- Decrypt all files under a directory including subdirectories: + + ```cmd + cipher.exe /d /s: + ``` + +- Decrypt a single file or all of the files in the specified directory, but not any subdirectories: + + ```cmd + cipher.exe /d + ``` + +> [!IMPORTANT] +> Once a user selects to manually decrypt a file, the user will not be able to manually protect the file again using PDE. ## Windows out of box applications that support PDE Certain Windows applications support PDE out of the box. If PDE is enabled on a device, these applications will utilize PDE. - Mail - - Supports encrypting both email bodies and attachments + - Supports protecting both email bodies and attachments ## See also + - [Personal Data Encryption (PDE) FAQ](faq-pde.yml) - [Configure Personal Data Encryption (PDE) polices in Intune](configure-pde-in-intune.md) From 69652b59e234d309b57add1ca2c2eebbae5d5db4 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Wed, 14 Dec 2022 12:43:54 -0800 Subject: [PATCH 04/11] revise include warning --- .../includes/microsoft-365-ie-end-of-support.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md b/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md index 1a51b8977a..912ce707bd 100644 --- a/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md +++ b/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md @@ -1,7 +1,7 @@ --- author: aczechowski ms.author: aaroncz -ms.date: 10/27/2022 +ms.date: 12/16/2022 ms.reviewer: cathask manager: aaroncz ms.prod: ie11 @@ -9,6 +9,8 @@ ms.topic: include --- > [!WARNING] -> The retired, out-of-support Internet Explorer 11 (IE11) desktop application will be permanently disabled on certain versions of Windows 10 as part of the February 2023 Windows security update ("B") release scheduled for February 14, 2023. We highly recommend setting up IE mode in Microsoft Edge and disabling IE11 prior to this date to ensure your organization doesn't experience business disruption. +> **Update:** The retired, out-of-support Internet Explorer 11 desktop application is scheduled to be permanently disabled through a Microsoft Edge update on certain versions of Windows 10 on February 14, 2023. > -> For more information, see [aka.ms/iemodefaq](https://aka.ms/iemodefaq). +> We highly recommend setting up IE mode in Microsoft Edge and disabling IE11 prior to this date to ensure your organization does not experience business disruption. +> +> For more information, see [Internet Explorer 11 desktop app retirement FAQ](https://aka.ms/iemodefaq). From 62fb2e10fc54387e05acf8a79b2c29ef3f98f5b7 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Fri, 16 Dec 2022 10:27:43 -0500 Subject: [PATCH 05/11] PDE Updates Post Release 2 --- .../personal-data-encryption/faq-pde.yml | 22 ++++++------- .../includes/pde-description.md | 8 ++--- .../personal-data-encryption/overview-pde.md | 32 +++++++++---------- 3 files changed, 31 insertions(+), 31 deletions(-) diff --git a/windows/security/information-protection/personal-data-encryption/faq-pde.yml b/windows/security/information-protection/personal-data-encryption/faq-pde.yml index d74e51bd3b..8bb71cc423 100644 --- a/windows/security/information-protection/personal-data-encryption/faq-pde.yml +++ b/windows/security/information-protection/personal-data-encryption/faq-pde.yml @@ -25,15 +25,15 @@ sections: questions: - question: Can PDE encrypt entire volumes or drives? answer: | - No. PDE only encrypts specified files. + No. PDE only encrypts specified files and content. - question: Is PDE a replacement for BitLocker? answer: | No. It's still recommended to encrypt all volumes with BitLocker Drive Encryption for increased security. - - question: How are files protected by PDE selected? + - question: How are files and content protected by PDE selected? answer: | - [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager) are used to select which files are protected using PDE. + [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager) are used to select which files and content are protected using PDE. - question: Do I need to use OneDrive in Microsoft 365 as my backup provider? answer: | @@ -41,19 +41,19 @@ sections: - question: What is the relation between Windows Hello for Business and PDE? answer: | - During user sign-on, Windows Hello for Business unlocks the keys that PDE uses to protect files. + During user sign-on, Windows Hello for Business unlocks the keys that PDE uses to protect content. - question: Can a file be protected with both PDE and EFS at the same time? answer: | No. PDE and EFS are mutually exclusive. - - question: Can PDE protected files be accessed after signing on via a Remote Desktop connection (RDP)? + - question: Can PDE protected content be accessed after signing on via a Remote Desktop connection (RDP)? answer: | - No. Accessing PDE protected files over RDP isn't currently supported. + No. Accessing PDE protected content over RDP isn't currently supported. - - question: Can PDE protected files be accessed via a network share? + - question: Can PDE protected content be accessed via a network share? answer: | - No. PDE protected files can only be accessed after signing on locally to Windows with Windows Hello for Business credentials. + No. PDE protected content can only be accessed after signing on locally to Windows with Windows Hello for Business credentials. - question: How can it be determined if a file is protected with PDE? answer: | @@ -67,13 +67,13 @@ sections: answer: | Currently users can decrypt files manually but they can't encrypt files manually. For information on how a user can manually decrypt a file, see the section **Disable PDE and decrypt files** in [Personal Data Encryption (PDE)](overview-pde.md). - - question: If a user signs into Windows with a password instead of Windows Hello for Business, will they be able to access their PDE protected files? + - question: If a user signs into Windows with a password instead of Windows Hello for Business, will they be able to access their PDE protected content? answer: | - No. The keys used by PDE to protect files are protected by Windows Hello for Business credentials and will only be unlocked when signing on with Windows Hello for Business PIN or biometrics. + No. The keys used by PDE to protect content are protected by Windows Hello for Business credentials and will only be unlocked when signing on with Windows Hello for Business PIN or biometrics. - question: What encryption method and strength does PDE use? answer: | - PDE uses AES-CBC with a 256-bit key to encrypt files. + PDE uses AES-CBC with a 256-bit key to encrypt content. additionalContent: | ## See also diff --git a/windows/security/information-protection/personal-data-encryption/includes/pde-description.md b/windows/security/information-protection/personal-data-encryption/includes/pde-description.md index 89e73c2933..2eb0fa2a66 100644 --- a/windows/security/information-protection/personal-data-encryption/includes/pde-description.md +++ b/windows/security/information-protection/personal-data-encryption/includes/pde-description.md @@ -16,13 +16,13 @@ ms.date: 12/13/2022 -Personal data encryption (PDE) is a security feature introduced in Windows 11, version 22H2 that provides additional encryption features to Windows. PDE differs from BitLocker in that it encrypts individual files instead of whole volumes and disks. PDE occurs in addition to other encryption methods such as BitLocker. +Personal data encryption (PDE) is a security feature introduced in Windows 11, version 22H2 that provides additional encryption features to Windows. PDE differs from BitLocker in that it encrypts individual files and content instead of whole volumes and disks. PDE occurs in addition to other encryption methods such as BitLocker. -PDE utilizes Windows Hello for Business to link data encryption keys with user credentials. This feature can minimize the number of credentials the user has to remember to gain access to files. For example, when using BitLocker with PIN, a user would need to authenticate twice - once with the BitLocker PIN and a second time with Windows credentials. This requirement requires users to remember two different credentials. With PDE, users only need to enter one set of credentials via Windows Hello for Business. +PDE utilizes Windows Hello for Business to link data encryption keys with user credentials. This feature can minimize the number of credentials the user has to remember to gain access to content. For example, when using BitLocker with PIN, a user would need to authenticate twice - once with the BitLocker PIN and a second time with Windows credentials. This requirement requires users to remember two different credentials. With PDE, users only need to enter one set of credentials via Windows Hello for Business. Because PDE utilizes Windows Hello for Business, PDE is also accessibility friendly due to the accessibility features available when using Windows Hello for Business. -Unlike BitLocker that releases data encryption keys at boot, PDE doesn't release data encryption keys until a user signs in using Windows Hello for Business. Users will only be able to access their PDE protected files once they've signed into Windows using Windows Hello for Business. Additionally, PDE has the ability to also discard the encryption keys when the device is locked. +Unlike BitLocker that releases data encryption keys at boot, PDE doesn't release data encryption keys until a user signs in using Windows Hello for Business. Users will only be able to access their PDE protected content once they've signed into Windows using Windows Hello for Business. Additionally, PDE has the ability to also discard the encryption keys when the device is locked. > [!NOTE] -> PDE can be enabled using MDM policies. The files to be protected by PDE can be specified using [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). There is no user interface in Windows to either enable PDE or protect files using PDE. +> PDE can be enabled using MDM policies. The content to be protected by PDE can be specified using [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). There is no user interface in Windows to either enable PDE or protect content using PDE. diff --git a/windows/security/information-protection/personal-data-encryption/overview-pde.md b/windows/security/information-protection/personal-data-encryption/overview-pde.md index 24bb0237ff..e0da74cb1c 100644 --- a/windows/security/information-protection/personal-data-encryption/overview-pde.md +++ b/windows/security/information-protection/personal-data-encryption/overview-pde.md @@ -44,15 +44,15 @@ ms.date: 12/13/2022 - [Kernel-mode crash dumps and live dumps disabled](/windows/client-management/mdm/policy-csp-memorydump#memorydump-policies) - Kernel-mode crash dumps and live dumps can potentially cause the keys used by PDE to protect files to be exposed. For greatest security, disable kernel-mode crash dumps and live dumps. For information on disabling crash dumps and live dumps via Intune, see [Disable kernel-mode crash dumps and live dumps](configure-pde-in-intune.md#disable-kernel-mode-crash-dumps-and-live-dumps). + Kernel-mode crash dumps and live dumps can potentially cause the keys used by PDE to protect content to be exposed. For greatest security, disable kernel-mode crash dumps and live dumps. For information on disabling crash dumps and live dumps via Intune, see [Disable kernel-mode crash dumps and live dumps](configure-pde-in-intune.md#disable-kernel-mode-crash-dumps-and-live-dumps). - [Windows Error Reporting (WER) disabled/User-mode crash dumps disabled](/windows/client-management/mdm/policy-csp-errorreporting#errorreporting-disablewindowserrorreporting) - Disabling Windows Error Reporting prevents user-mode crash dumps. User-mode crash dumps can potentially cause the keys used by PDE to protect files to be exposed. For greatest security, disable user-mode crash dumps. For information on disabling crash dumbs via Intune, see [Disable Windows Error Reporting (WER)/Disable user-mode crash dumps](configure-pde-in-intune.md#disable-windows-error-reporting-werdisable-user-mode-crash-dumps). + Disabling Windows Error Reporting prevents user-mode crash dumps. User-mode crash dumps can potentially cause the keys used by PDE to protect content to be exposed. For greatest security, disable user-mode crash dumps. For information on disabling crash dumbs via Intune, see [Disable Windows Error Reporting (WER)/Disable user-mode crash dumps](configure-pde-in-intune.md#disable-windows-error-reporting-werdisable-user-mode-crash-dumps). - [Hibernation disabled](/windows/client-management/mdm/policy-csp-power#power-allowhibernate) - Hibernation files can potentially cause the keys used by PDE to protect files to be exposed. For greatest security, disable hibernation. For information on disabling crash dumbs via Intune, see [Disable hibernation](configure-pde-in-intune.md#disable-hibernation). + Hibernation files can potentially cause the keys used by PDE to protect content to be exposed. For greatest security, disable hibernation. For information on disabling crash dumbs via Intune, see [Disable hibernation](configure-pde-in-intune.md#disable-hibernation). - [Allowing users to select when a password is required when resuming from connected standby disabled](/windows/client-management/mdm/policy-csp-admx-credentialproviders#admx-credentialproviders-allowdomaindelaylock) @@ -70,7 +70,7 @@ ms.date: 12/13/2022 - A user on a Connected Standby device can change the amount of time after the device´s screen turns off before a password is required to wake the device. - - During the time when the screen turns off but a password isn't required, the keys used by PDE to protect files could potentially be exposed. This outcome isn't a desired outcome. + - During the time when the screen turns off but a password isn't required, the keys used by PDE to protect content could potentially be exposed. This outcome isn't a desired outcome. Because of this undesired outcome, it's recommended to explicitly disable this policy on native Azure AD joined devices instead of leaving it at the default of not configured. @@ -84,11 +84,11 @@ ms.date: 12/13/2022 - Backup solution such as [OneDrive in Microsoft 365](/sharepoint/onedrive-overview) - In certain scenarios such as TPM resets or destructive PIN resets, the keys used by PDE to protect files will be lost. In such scenarios, any file protected with PDE will no longer be accessible. The only way to recover such files would be from backup. + In certain scenarios such as TPM resets or destructive PIN resets, the keys used by PDE to protect content will be lost. In such scenarios, any content protected with PDE will no longer be accessible. The only way to recover such content would be from backup. - [Windows Hello for Business PIN reset service](../../identity-protection/hello-for-business/hello-feature-pin-reset.md) - Destructive PIN resets will cause keys used by PDE to protect files to be lost. The destructive PIN reset will make any file protected with PDE no longer accessible after a destructive PIN reset. Files protected with PDE will need to be recovered from a backup after a destructive PIN reset. For this reason Windows Hello for Business PIN reset service is recommended since it provides non-destructive PIN resets. + Destructive PIN resets will cause keys used by PDE to protect content to be lost. The destructive PIN reset will make any content protected with PDE no longer accessible after a destructive PIN reset. Content protected with PDE will need to be recovered from a backup after a destructive PIN reset. For this reason Windows Hello for Business PIN reset service is recommended since it provides non-destructive PIN resets. - [Windows Hello Enhanced Sign-in Security](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security) @@ -96,7 +96,7 @@ ms.date: 12/13/2022 ## PDE protection levels -PDE uses AES-CBC with a 256-bit key to protect files and offers two levels of protection. The level of protection is determined based on the organizational needs. These levels can be set via the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). +PDE uses AES-CBC with a 256-bit key to protect content and offers two levels of protection. The level of protection is determined based on the organizational needs. These levels can be set via the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). | Item | Level 1 | Level 2 | |---|---|---| @@ -109,17 +109,17 @@ PDE uses AES-CBC with a 256-bit key to protect files and offers two levels of pr | PDE protected data is accessible via Remote Desktop session | No | No | | Decryption keys used by PDE discarded | After user signs out of Windows | One minute after Windows lock screen is engaged or after user signs out of Windows | -## PDE protected files accessibility +## PDE protected content accessibility -When a file is protected with PDE, its icon will show a padlock. If the user hasn't signed in locally with Windows Hello for Business or an unauthorized user attempts to access a PDE protected file, they'll be denied access to the file. +When a file is protected with PDE, its icon will show a padlock. If the user hasn't signed in locally with Windows Hello for Business or an unauthorized user attempts to access PDE protected content, they'll be denied access to the content. -Scenarios where a user will be denied access to a PDE protected file include: +Scenarios where a user will be denied access to PDE protected content include: - User has signed into Windows via a password instead of signing in with Windows Hello for Business biometric or PIN. - If protected via level 2 protection, when the device is locked. -- When trying to access files on the device remotely. For example, UNC network paths. +- When trying to access content on the device remotely. For example, UNC network paths. - Remote Desktop sessions. -- Other users on the device who aren't owners of the file, even if they're signed in via Windows Hello for Business and have permissions to navigate to the PDE protected files. +- Other users on the device who aren't owners of the content, even if they're signed in via Windows Hello for Business and have permissions to navigate to the PDE protected content. ## How to enable PDE @@ -133,7 +133,7 @@ To enable PDE on devices, push an MDM policy to the devices with the following p There's also a [PDE CSP](/windows/client-management/mdm/personaldataencryption-csp) available for MDM solutions that support it. > [!NOTE] -> Enabling the PDE policy on devices only enables the PDE feature. It does not protect any files. To protect files via PDE, use the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). The PDE APIs can be used to create custom applications and scripts to specify which files to protect and at what level to protect the files. Additionally, the PDE APIs can't be used to protect files until the PDE policy has been enabled. +> Enabling the PDE policy on devices only enables the PDE feature. It does not protect any content. To protect content via PDE, use the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). The PDE APIs can be used to create custom applications and scripts to specify which content to protect and at what level to protect the content. Additionally, the PDE APIs can't be used to protect content until the PDE policy has been enabled. For information on enabling PDE via Intune, see [Enable Personal Data Encryption (PDE)](configure-pde-in-intune.md#enable-personal-data-encryption-pde). @@ -146,7 +146,7 @@ PDE is meant to work alongside BitLocker. PDE isn't a replacement for BitLocker, | Release of decryption key | At user sign-in via Windows Hello for Business | At boot | | Decryption keys discarded | When user signs out of Windows or one minute after Windows lock screen is engaged | At reboot | | Files protected | Individual specified files | Entire volume/drive | -| Authentication to access protected file | Windows Hello for Business | When BitLocker with TPM + PIN is enabled, BitLocker PIN plus Windows sign-in | +| Authentication to access protected content | Windows Hello for Business | When BitLocker with TPM + PIN is enabled, BitLocker PIN plus Windows sign-in | ## Differences between PDE and EFS @@ -164,7 +164,7 @@ For EFS protected files, under **Users who can access this file:**, there will b Encryption information including what encryption method is being used to protect the file can be obtained with the [cipher.exe /c](/windows-server/administration/windows-commands/cipher) command. -## Disable PDE and decrypt files +## Disable PDE and decrypt content Once PDE is enabled, it isn't recommended to disable it. However if PDE does need to be disabled, it can be done so via the MDM policy described in the section [How to enable PDE](#how-to-enable-pde). The value of the OMA-URI needs to be changed from **`1`** to **`0`** as follows: @@ -173,7 +173,7 @@ Once PDE is enabled, it isn't recommended to disable it. However if PDE does nee - Data type: **Integer** - Value: **0** -Disabling PDE doesn't decrypt any PDE protected files. It only prevents the PDE API from being able to protect any additional files. PDE protected files can be manually decrypted using the following steps: +Disabling PDE doesn't decrypt any PDE protected content. It only prevents the PDE API from being able to protect any additional content. PDE protected files can be manually decrypted using the following steps: 1. Open the properties of the file 2. Under the **General** tab, select **Advanced...** From ff98d60cedfedff9dd4bf22686fc348ca9eb120e Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 16 Dec 2022 11:11:00 -0500 Subject: [PATCH 06/11] bulk metadata updates --- ...nfigure-diffie-hellman-protocol-over-ikev2-vpn-connections.md | 1 + ...w-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md | 1 + windows/security/identity-protection/vpn/vpn-authentication.md | 1 + .../security/identity-protection/vpn/vpn-auto-trigger-profile.md | 1 + .../security/identity-protection/vpn/vpn-conditional-access.md | 1 + windows/security/identity-protection/vpn/vpn-connection-type.md | 1 + windows/security/identity-protection/vpn/vpn-guide.md | 1 + windows/security/identity-protection/vpn/vpn-name-resolution.md | 1 + windows/security/identity-protection/vpn/vpn-profile-options.md | 1 + windows/security/identity-protection/vpn/vpn-routing.md | 1 + .../security/identity-protection/vpn/vpn-security-features.md | 1 + windows/security/information-protection/encrypted-hard-drive.md | 1 + ...-security-monitoring-recommendations-for-many-audit-events.md | 1 + .../security/threat-protection/auditing/audit-account-lockout.md | 1 + .../threat-protection/auditing/audit-application-generated.md | 1 + .../auditing/audit-application-group-management.md | 1 + .../threat-protection/auditing/audit-audit-policy-change.md | 1 + .../auditing/audit-authentication-policy-change.md | 1 + .../auditing/audit-authorization-policy-change.md | 1 + .../auditing/audit-central-access-policy-staging.md | 1 + .../threat-protection/auditing/audit-certification-services.md | 1 + .../auditing/audit-computer-account-management.md | 1 + .../threat-protection/auditing/audit-credential-validation.md | 1 + .../auditing/audit-detailed-directory-service-replication.md | 1 + .../threat-protection/auditing/audit-detailed-file-share.md | 1 + .../threat-protection/auditing/audit-directory-service-access.md | 1 + .../auditing/audit-directory-service-changes.md | 1 + .../auditing/audit-directory-service-replication.md | 1 + .../auditing/audit-distribution-group-management.md | 1 + .../security/threat-protection/auditing/audit-dpapi-activity.md | 1 + windows/security/threat-protection/auditing/audit-file-share.md | 1 + windows/security/threat-protection/auditing/audit-file-system.md | 1 + .../auditing/audit-filtering-platform-connection.md | 1 + .../auditing/audit-filtering-platform-packet-drop.md | 1 + .../auditing/audit-filtering-platform-policy-change.md | 1 + .../threat-protection/auditing/audit-group-membership.md | 1 + .../threat-protection/auditing/audit-handle-manipulation.md | 1 + .../security/threat-protection/auditing/audit-ipsec-driver.md | 1 + .../threat-protection/auditing/audit-ipsec-extended-mode.md | 1 + .../security/threat-protection/auditing/audit-ipsec-main-mode.md | 1 + .../threat-protection/auditing/audit-ipsec-quick-mode.md | 1 + .../auditing/audit-kerberos-authentication-service.md | 1 + .../auditing/audit-kerberos-service-ticket-operations.md | 1 + .../security/threat-protection/auditing/audit-kernel-object.md | 1 + windows/security/threat-protection/auditing/audit-logoff.md | 1 + windows/security/threat-protection/auditing/audit-logon.md | 1 + .../auditing/audit-mpssvc-rule-level-policy-change.md | 1 + .../threat-protection/auditing/audit-network-policy-server.md | 1 + .../auditing/audit-non-sensitive-privilege-use.md | 1 + .../auditing/audit-other-account-logon-events.md | 1 + .../auditing/audit-other-account-management-events.md | 1 + .../threat-protection/auditing/audit-other-logonlogoff-events.md | 1 + .../auditing/audit-other-object-access-events.md | 1 + .../auditing/audit-other-policy-change-events.md | 1 + .../auditing/audit-other-privilege-use-events.md | 1 + .../threat-protection/auditing/audit-other-system-events.md | 1 + .../security/threat-protection/auditing/audit-pnp-activity.md | 1 + .../threat-protection/auditing/audit-process-creation.md | 1 + .../threat-protection/auditing/audit-process-termination.md | 1 + windows/security/threat-protection/auditing/audit-registry.md | 1 + .../threat-protection/auditing/audit-removable-storage.md | 1 + windows/security/threat-protection/auditing/audit-rpc-events.md | 1 + windows/security/threat-protection/auditing/audit-sam.md | 1 + .../auditing/audit-security-group-management.md | 1 + .../threat-protection/auditing/audit-security-state-change.md | 1 + .../auditing/audit-security-system-extension.md | 1 + .../threat-protection/auditing/audit-sensitive-privilege-use.md | 1 + .../security/threat-protection/auditing/audit-special-logon.md | 1 + .../threat-protection/auditing/audit-system-integrity.md | 1 + .../threat-protection/auditing/audit-user-account-management.md | 1 + .../threat-protection/auditing/audit-user-device-claims.md | 1 + windows/security/threat-protection/auditing/event-1100.md | 1 + windows/security/threat-protection/auditing/event-1102.md | 1 + windows/security/threat-protection/auditing/event-1104.md | 1 + windows/security/threat-protection/auditing/event-1105.md | 1 + windows/security/threat-protection/auditing/event-1108.md | 1 + windows/security/threat-protection/auditing/event-4608.md | 1 + windows/security/threat-protection/auditing/event-4610.md | 1 + windows/security/threat-protection/auditing/event-4611.md | 1 + windows/security/threat-protection/auditing/event-4612.md | 1 + windows/security/threat-protection/auditing/event-4614.md | 1 + windows/security/threat-protection/auditing/event-4615.md | 1 + windows/security/threat-protection/auditing/event-4616.md | 1 + windows/security/threat-protection/auditing/event-4618.md | 1 + windows/security/threat-protection/auditing/event-4621.md | 1 + windows/security/threat-protection/auditing/event-4622.md | 1 + windows/security/threat-protection/auditing/event-4624.md | 1 + windows/security/threat-protection/auditing/event-4625.md | 1 + windows/security/threat-protection/auditing/event-4626.md | 1 + windows/security/threat-protection/auditing/event-4627.md | 1 + windows/security/threat-protection/auditing/event-4634.md | 1 + windows/security/threat-protection/auditing/event-4647.md | 1 + windows/security/threat-protection/auditing/event-4648.md | 1 + windows/security/threat-protection/auditing/event-4649.md | 1 + windows/security/threat-protection/auditing/event-4656.md | 1 + windows/security/threat-protection/auditing/event-4657.md | 1 + windows/security/threat-protection/auditing/event-4658.md | 1 + windows/security/threat-protection/auditing/event-4660.md | 1 + windows/security/threat-protection/auditing/event-4661.md | 1 + windows/security/threat-protection/auditing/event-4662.md | 1 + windows/security/threat-protection/auditing/event-4663.md | 1 + windows/security/threat-protection/auditing/event-4664.md | 1 + windows/security/threat-protection/auditing/event-4670.md | 1 + windows/security/threat-protection/auditing/event-4671.md | 1 + windows/security/threat-protection/auditing/event-4672.md | 1 + windows/security/threat-protection/auditing/event-4673.md | 1 + windows/security/threat-protection/auditing/event-4674.md | 1 + windows/security/threat-protection/auditing/event-4675.md | 1 + windows/security/threat-protection/auditing/event-4688.md | 1 + windows/security/threat-protection/auditing/event-4689.md | 1 + windows/security/threat-protection/auditing/event-4690.md | 1 + windows/security/threat-protection/auditing/event-4691.md | 1 + windows/security/threat-protection/auditing/event-4692.md | 1 + windows/security/threat-protection/auditing/event-4693.md | 1 + windows/security/threat-protection/auditing/event-4694.md | 1 + windows/security/threat-protection/auditing/event-4695.md | 1 + windows/security/threat-protection/auditing/event-4696.md | 1 + windows/security/threat-protection/auditing/event-4697.md | 1 + windows/security/threat-protection/auditing/event-4698.md | 1 + windows/security/threat-protection/auditing/event-4699.md | 1 + windows/security/threat-protection/auditing/event-4700.md | 1 + windows/security/threat-protection/auditing/event-4701.md | 1 + windows/security/threat-protection/auditing/event-4702.md | 1 + windows/security/threat-protection/auditing/event-4703.md | 1 + windows/security/threat-protection/auditing/event-4704.md | 1 + windows/security/threat-protection/auditing/event-4705.md | 1 + windows/security/threat-protection/auditing/event-4706.md | 1 + windows/security/threat-protection/auditing/event-4707.md | 1 + windows/security/threat-protection/auditing/event-4713.md | 1 + windows/security/threat-protection/auditing/event-4714.md | 1 + windows/security/threat-protection/auditing/event-4715.md | 1 + windows/security/threat-protection/auditing/event-4716.md | 1 + windows/security/threat-protection/auditing/event-4717.md | 1 + windows/security/threat-protection/auditing/event-4718.md | 1 + windows/security/threat-protection/auditing/event-4719.md | 1 + windows/security/threat-protection/auditing/event-4720.md | 1 + windows/security/threat-protection/auditing/event-4722.md | 1 + windows/security/threat-protection/auditing/event-4723.md | 1 + windows/security/threat-protection/auditing/event-4724.md | 1 + windows/security/threat-protection/auditing/event-4725.md | 1 + windows/security/threat-protection/auditing/event-4726.md | 1 + windows/security/threat-protection/auditing/event-4731.md | 1 + windows/security/threat-protection/auditing/event-4732.md | 1 + windows/security/threat-protection/auditing/event-4733.md | 1 + windows/security/threat-protection/auditing/event-4734.md | 1 + windows/security/threat-protection/auditing/event-4735.md | 1 + windows/security/threat-protection/auditing/event-4738.md | 1 + windows/security/threat-protection/auditing/event-4739.md | 1 + windows/security/threat-protection/auditing/event-4740.md | 1 + windows/security/threat-protection/auditing/event-4741.md | 1 + windows/security/threat-protection/auditing/event-4742.md | 1 + windows/security/threat-protection/auditing/event-4743.md | 1 + windows/security/threat-protection/auditing/event-4749.md | 1 + windows/security/threat-protection/auditing/event-4750.md | 1 + windows/security/threat-protection/auditing/event-4751.md | 1 + windows/security/threat-protection/auditing/event-4752.md | 1 + windows/security/threat-protection/auditing/event-4753.md | 1 + windows/security/threat-protection/auditing/event-4764.md | 1 + windows/security/threat-protection/auditing/event-4765.md | 1 + windows/security/threat-protection/auditing/event-4766.md | 1 + windows/security/threat-protection/auditing/event-4767.md | 1 + windows/security/threat-protection/auditing/event-4768.md | 1 + windows/security/threat-protection/auditing/event-4769.md | 1 + windows/security/threat-protection/auditing/event-4770.md | 1 + windows/security/threat-protection/auditing/event-4771.md | 1 + windows/security/threat-protection/auditing/event-4772.md | 1 + windows/security/threat-protection/auditing/event-4773.md | 1 + windows/security/threat-protection/auditing/event-4774.md | 1 + windows/security/threat-protection/auditing/event-4775.md | 1 + windows/security/threat-protection/auditing/event-4776.md | 1 + windows/security/threat-protection/auditing/event-4777.md | 1 + windows/security/threat-protection/auditing/event-4778.md | 1 + windows/security/threat-protection/auditing/event-4779.md | 1 + windows/security/threat-protection/auditing/event-4780.md | 1 + windows/security/threat-protection/auditing/event-4781.md | 1 + windows/security/threat-protection/auditing/event-4782.md | 1 + windows/security/threat-protection/auditing/event-4793.md | 1 + windows/security/threat-protection/auditing/event-4794.md | 1 + windows/security/threat-protection/auditing/event-4798.md | 1 + windows/security/threat-protection/auditing/event-4799.md | 1 + windows/security/threat-protection/auditing/event-4800.md | 1 + windows/security/threat-protection/auditing/event-4801.md | 1 + windows/security/threat-protection/auditing/event-4802.md | 1 + windows/security/threat-protection/auditing/event-4803.md | 1 + windows/security/threat-protection/auditing/event-4816.md | 1 + windows/security/threat-protection/auditing/event-4817.md | 1 + windows/security/threat-protection/auditing/event-4818.md | 1 + windows/security/threat-protection/auditing/event-4819.md | 1 + windows/security/threat-protection/auditing/event-4826.md | 1 + windows/security/threat-protection/auditing/event-4864.md | 1 + windows/security/threat-protection/auditing/event-4865.md | 1 + windows/security/threat-protection/auditing/event-4866.md | 1 + windows/security/threat-protection/auditing/event-4867.md | 1 + windows/security/threat-protection/auditing/event-4902.md | 1 + windows/security/threat-protection/auditing/event-4904.md | 1 + windows/security/threat-protection/auditing/event-4905.md | 1 + windows/security/threat-protection/auditing/event-4906.md | 1 + windows/security/threat-protection/auditing/event-4907.md | 1 + windows/security/threat-protection/auditing/event-4908.md | 1 + windows/security/threat-protection/auditing/event-4909.md | 1 + windows/security/threat-protection/auditing/event-4910.md | 1 + windows/security/threat-protection/auditing/event-4911.md | 1 + windows/security/threat-protection/auditing/event-4912.md | 1 + windows/security/threat-protection/auditing/event-4913.md | 1 + windows/security/threat-protection/auditing/event-4928.md | 1 + windows/security/threat-protection/auditing/event-4929.md | 1 + windows/security/threat-protection/auditing/event-4930.md | 1 + windows/security/threat-protection/auditing/event-4931.md | 1 + windows/security/threat-protection/auditing/event-4932.md | 1 + windows/security/threat-protection/auditing/event-4933.md | 1 + windows/security/threat-protection/auditing/event-4934.md | 1 + windows/security/threat-protection/auditing/event-4935.md | 1 + windows/security/threat-protection/auditing/event-4936.md | 1 + windows/security/threat-protection/auditing/event-4937.md | 1 + windows/security/threat-protection/auditing/event-4944.md | 1 + windows/security/threat-protection/auditing/event-4945.md | 1 + windows/security/threat-protection/auditing/event-4946.md | 1 + windows/security/threat-protection/auditing/event-4947.md | 1 + windows/security/threat-protection/auditing/event-4948.md | 1 + windows/security/threat-protection/auditing/event-4949.md | 1 + windows/security/threat-protection/auditing/event-4950.md | 1 + windows/security/threat-protection/auditing/event-4951.md | 1 + windows/security/threat-protection/auditing/event-4952.md | 1 + windows/security/threat-protection/auditing/event-4953.md | 1 + windows/security/threat-protection/auditing/event-4954.md | 1 + windows/security/threat-protection/auditing/event-4956.md | 1 + windows/security/threat-protection/auditing/event-4957.md | 1 + windows/security/threat-protection/auditing/event-4958.md | 1 + windows/security/threat-protection/auditing/event-4964.md | 1 + windows/security/threat-protection/auditing/event-4985.md | 1 + windows/security/threat-protection/auditing/event-5024.md | 1 + windows/security/threat-protection/auditing/event-5025.md | 1 + windows/security/threat-protection/auditing/event-5027.md | 1 + windows/security/threat-protection/auditing/event-5028.md | 1 + windows/security/threat-protection/auditing/event-5029.md | 1 + windows/security/threat-protection/auditing/event-5030.md | 1 + windows/security/threat-protection/auditing/event-5031.md | 1 + windows/security/threat-protection/auditing/event-5032.md | 1 + windows/security/threat-protection/auditing/event-5033.md | 1 + windows/security/threat-protection/auditing/event-5034.md | 1 + windows/security/threat-protection/auditing/event-5035.md | 1 + windows/security/threat-protection/auditing/event-5037.md | 1 + windows/security/threat-protection/auditing/event-5038.md | 1 + windows/security/threat-protection/auditing/event-5039.md | 1 + windows/security/threat-protection/auditing/event-5051.md | 1 + windows/security/threat-protection/auditing/event-5056.md | 1 + windows/security/threat-protection/auditing/event-5057.md | 1 + windows/security/threat-protection/auditing/event-5058.md | 1 + windows/security/threat-protection/auditing/event-5059.md | 1 + windows/security/threat-protection/auditing/event-5060.md | 1 + windows/security/threat-protection/auditing/event-5061.md | 1 + windows/security/threat-protection/auditing/event-5062.md | 1 + windows/security/threat-protection/auditing/event-5063.md | 1 + windows/security/threat-protection/auditing/event-5064.md | 1 + windows/security/threat-protection/auditing/event-5065.md | 1 + windows/security/threat-protection/auditing/event-5066.md | 1 + windows/security/threat-protection/auditing/event-5067.md | 1 + windows/security/threat-protection/auditing/event-5068.md | 1 + windows/security/threat-protection/auditing/event-5069.md | 1 + windows/security/threat-protection/auditing/event-5070.md | 1 + windows/security/threat-protection/auditing/event-5136.md | 1 + windows/security/threat-protection/auditing/event-5137.md | 1 + windows/security/threat-protection/auditing/event-5138.md | 1 + windows/security/threat-protection/auditing/event-5139.md | 1 + windows/security/threat-protection/auditing/event-5140.md | 1 + windows/security/threat-protection/auditing/event-5141.md | 1 + windows/security/threat-protection/auditing/event-5142.md | 1 + windows/security/threat-protection/auditing/event-5143.md | 1 + windows/security/threat-protection/auditing/event-5144.md | 1 + windows/security/threat-protection/auditing/event-5145.md | 1 + windows/security/threat-protection/auditing/event-5148.md | 1 + windows/security/threat-protection/auditing/event-5149.md | 1 + windows/security/threat-protection/auditing/event-5150.md | 1 + windows/security/threat-protection/auditing/event-5151.md | 1 + windows/security/threat-protection/auditing/event-5152.md | 1 + windows/security/threat-protection/auditing/event-5153.md | 1 + windows/security/threat-protection/auditing/event-5154.md | 1 + windows/security/threat-protection/auditing/event-5155.md | 1 + windows/security/threat-protection/auditing/event-5156.md | 1 + windows/security/threat-protection/auditing/event-5157.md | 1 + windows/security/threat-protection/auditing/event-5158.md | 1 + windows/security/threat-protection/auditing/event-5159.md | 1 + windows/security/threat-protection/auditing/event-5168.md | 1 + windows/security/threat-protection/auditing/event-5376.md | 1 + windows/security/threat-protection/auditing/event-5377.md | 1 + windows/security/threat-protection/auditing/event-5378.md | 1 + windows/security/threat-protection/auditing/event-5447.md | 1 + windows/security/threat-protection/auditing/event-5632.md | 1 + windows/security/threat-protection/auditing/event-5633.md | 1 + windows/security/threat-protection/auditing/event-5712.md | 1 + windows/security/threat-protection/auditing/event-5888.md | 1 + windows/security/threat-protection/auditing/event-5889.md | 1 + windows/security/threat-protection/auditing/event-5890.md | 1 + windows/security/threat-protection/auditing/event-6144.md | 1 + windows/security/threat-protection/auditing/event-6145.md | 1 + windows/security/threat-protection/auditing/event-6281.md | 1 + windows/security/threat-protection/auditing/event-6400.md | 1 + windows/security/threat-protection/auditing/event-6401.md | 1 + windows/security/threat-protection/auditing/event-6402.md | 1 + windows/security/threat-protection/auditing/event-6403.md | 1 + windows/security/threat-protection/auditing/event-6404.md | 1 + windows/security/threat-protection/auditing/event-6405.md | 1 + windows/security/threat-protection/auditing/event-6406.md | 1 + windows/security/threat-protection/auditing/event-6407.md | 1 + windows/security/threat-protection/auditing/event-6408.md | 1 + windows/security/threat-protection/auditing/event-6409.md | 1 + windows/security/threat-protection/auditing/event-6410.md | 1 + windows/security/threat-protection/auditing/event-6416.md | 1 + windows/security/threat-protection/auditing/event-6419.md | 1 + windows/security/threat-protection/auditing/event-6420.md | 1 + windows/security/threat-protection/auditing/event-6421.md | 1 + windows/security/threat-protection/auditing/event-6422.md | 1 + windows/security/threat-protection/auditing/event-6423.md | 1 + windows/security/threat-protection/auditing/event-6424.md | 1 + .../auditing/how-to-list-xml-elements-in-eventdata.md | 1 + windows/security/threat-protection/auditing/other-events.md | 1 + .../threat-protection/block-untrusted-fonts-in-enterprise.md | 1 + .../configure-md-app-guard.md | 1 + .../microsoft-defender-application-guard/install-md-app-guard.md | 1 + .../md-app-guard-browser-extension.md | 1 + .../md-app-guard-overview.md | 1 + .../test-scenarios-md-app-guard.md | 1 + .../microsoft-defender-smartscreen-available-settings.md | 1 + .../microsoft-defender-smartscreen-set-individual-device.md | 1 + .../phishing-protection-microsoft-defender-smartscreen.md | 1 + ...sets-by-controlling-the-health-of-windows-10-based-devices.md | 1 + ...rosoft-network-client-digitally-sign-communications-always.md | 1 + .../security-policy-settings/minimum-password-age.md | 1 + ...k-access-restrict-clients-allowed-to-make-remote-sam-calls.md | 1 + .../security-policy-settings/security-options.md | 1 + ...-windows-event-forwarding-to-assist-in-intrusion-detection.md | 1 + .../applocker/working-with-applocker-rules.md | 1 + .../wdsc-windows-10-in-s-mode.md | 1 + .../how-hardware-based-root-of-trust-helps-protect-windows.md | 1 + .../system-guard-secure-launch-and-smm-protection.md | 1 + ...figure-the-workstation-authentication-certificate-template.md | 1 + 336 files changed, 336 insertions(+) diff --git a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md index 5ca81d5c91..188fe97442 100644 --- a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md +++ b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md @@ -12,6 +12,7 @@ appliesto: - ✅ Windows 10 - ✅ Windows 11 ms.technology: itpro-security +ms.topic: how-to --- # How to configure Diffie Hellman protocol over IKEv2 VPN connections diff --git a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md index 4b167fab27..371193641b 100644 --- a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md +++ b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md @@ -11,6 +11,7 @@ appliesto: - ✅ Windows 10 - ✅ Windows 11 ms.technology: itpro-security +ms.topic: how-to --- # How to use Single Sign-On (SSO) over VPN and Wi-Fi connections diff --git a/windows/security/identity-protection/vpn/vpn-authentication.md b/windows/security/identity-protection/vpn/vpn-authentication.md index fa541c4f87..a44aa1b079 100644 --- a/windows/security/identity-protection/vpn/vpn-authentication.md +++ b/windows/security/identity-protection/vpn/vpn-authentication.md @@ -12,6 +12,7 @@ appliesto: - ✅ Windows 10 - ✅ Windows 11 ms.technology: itpro-security +ms.topic: conceptual --- # VPN authentication options diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md index e7e1f831ab..61044232d2 100644 --- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md +++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md @@ -12,6 +12,7 @@ appliesto: - ✅ Windows 10 - ✅ Windows 11 ms.technology: itpro-security +ms.topic: conceptual --- # VPN auto-triggered profile options diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md index 5d7a695376..5da2a635a4 100644 --- a/windows/security/identity-protection/vpn/vpn-conditional-access.md +++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md @@ -12,6 +12,7 @@ appliesto: - ✅ Windows 10 - ✅ Windows 11 ms.technology: itpro-security +ms.topic: conceptual --- # VPN and conditional access diff --git a/windows/security/identity-protection/vpn/vpn-connection-type.md b/windows/security/identity-protection/vpn/vpn-connection-type.md index c3b4995351..e9eecdbbb9 100644 --- a/windows/security/identity-protection/vpn/vpn-connection-type.md +++ b/windows/security/identity-protection/vpn/vpn-connection-type.md @@ -12,6 +12,7 @@ appliesto: - ✅ Windows 10 - ✅ Windows 11 ms.technology: itpro-security +ms.topic: conceptual --- # VPN connection types diff --git a/windows/security/identity-protection/vpn/vpn-guide.md b/windows/security/identity-protection/vpn/vpn-guide.md index 40331b878d..f8cf27d242 100644 --- a/windows/security/identity-protection/vpn/vpn-guide.md +++ b/windows/security/identity-protection/vpn/vpn-guide.md @@ -12,6 +12,7 @@ appliesto: - ✅ Windows 10 - ✅ Windows 11 ms.technology: itpro-security +ms.topic: conceptual --- # Windows VPN technical guide diff --git a/windows/security/identity-protection/vpn/vpn-name-resolution.md b/windows/security/identity-protection/vpn/vpn-name-resolution.md index 61fccf4518..34f201d00a 100644 --- a/windows/security/identity-protection/vpn/vpn-name-resolution.md +++ b/windows/security/identity-protection/vpn/vpn-name-resolution.md @@ -12,6 +12,7 @@ appliesto: - ✅ Windows 10 - ✅ Windows 11 ms.technology: itpro-security +ms.topic: conceptual --- # VPN name resolution diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md index ebd414e637..d5725508e4 100644 --- a/windows/security/identity-protection/vpn/vpn-profile-options.md +++ b/windows/security/identity-protection/vpn/vpn-profile-options.md @@ -12,6 +12,7 @@ appliesto: - ✅ Windows 10 - ✅ Windows 11 ms.technology: itpro-security +ms.topic: conceptual --- # VPN profile options diff --git a/windows/security/identity-protection/vpn/vpn-routing.md b/windows/security/identity-protection/vpn/vpn-routing.md index 195202fe24..be5bc1caf0 100644 --- a/windows/security/identity-protection/vpn/vpn-routing.md +++ b/windows/security/identity-protection/vpn/vpn-routing.md @@ -12,6 +12,7 @@ appliesto: - ✅ Windows 10 - ✅ Windows 11 ms.technology: itpro-security +ms.topic: conceptual --- # VPN routing decisions diff --git a/windows/security/identity-protection/vpn/vpn-security-features.md b/windows/security/identity-protection/vpn/vpn-security-features.md index d21e11182a..f8fb6861a0 100644 --- a/windows/security/identity-protection/vpn/vpn-security-features.md +++ b/windows/security/identity-protection/vpn/vpn-security-features.md @@ -12,6 +12,7 @@ appliesto: - ✅ Windows 10 - ✅ Windows 11 ms.technology: itpro-security +ms.topic: conceptual --- # VPN security features diff --git a/windows/security/information-protection/encrypted-hard-drive.md b/windows/security/information-protection/encrypted-hard-drive.md index 765325f2f0..82af1b7c01 100644 --- a/windows/security/information-protection/encrypted-hard-drive.md +++ b/windows/security/information-protection/encrypted-hard-drive.md @@ -8,6 +8,7 @@ ms.prod: windows-client author: frankroj ms.date: 11/08/2022 ms.technology: itpro-security +ms.topic: conceptual --- # Encrypted Hard Drive diff --git a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md index 3838e0f0f4..eb734ebf54 100644 --- a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md +++ b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # Appendix A: Security monitoring recommendations for many audit events diff --git a/windows/security/threat-protection/auditing/audit-account-lockout.md b/windows/security/threat-protection/auditing/audit-account-lockout.md index 9d49394e56..f2cf0cc5ec 100644 --- a/windows/security/threat-protection/auditing/audit-account-lockout.md +++ b/windows/security/threat-protection/auditing/audit-account-lockout.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Account Lockout diff --git a/windows/security/threat-protection/auditing/audit-application-generated.md b/windows/security/threat-protection/auditing/audit-application-generated.md index f7ca99507d..36f8f451a0 100644 --- a/windows/security/threat-protection/auditing/audit-application-generated.md +++ b/windows/security/threat-protection/auditing/audit-application-generated.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Application Generated diff --git a/windows/security/threat-protection/auditing/audit-application-group-management.md b/windows/security/threat-protection/auditing/audit-application-group-management.md index 706551065b..cb91f3fa61 100644 --- a/windows/security/threat-protection/auditing/audit-application-group-management.md +++ b/windows/security/threat-protection/auditing/audit-application-group-management.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Application Group Management diff --git a/windows/security/threat-protection/auditing/audit-audit-policy-change.md b/windows/security/threat-protection/auditing/audit-audit-policy-change.md index aaf65be8db..c5cdf8c616 100644 --- a/windows/security/threat-protection/auditing/audit-audit-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-audit-policy-change.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Audit Policy Change diff --git a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md index 6754a2796a..318f08b516 100644 --- a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Authentication Policy Change diff --git a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md index e8c3a7d588..b7fd89b268 100644 --- a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Authorization Policy Change diff --git a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md index 5e92817efe..62ac5c925c 100644 --- a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md +++ b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Central Access Policy Staging diff --git a/windows/security/threat-protection/auditing/audit-certification-services.md b/windows/security/threat-protection/auditing/audit-certification-services.md index bc1ec469f1..889edc295b 100644 --- a/windows/security/threat-protection/auditing/audit-certification-services.md +++ b/windows/security/threat-protection/auditing/audit-certification-services.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Certification Services diff --git a/windows/security/threat-protection/auditing/audit-computer-account-management.md b/windows/security/threat-protection/auditing/audit-computer-account-management.md index 8c42317e94..63ad7eaac9 100644 --- a/windows/security/threat-protection/auditing/audit-computer-account-management.md +++ b/windows/security/threat-protection/auditing/audit-computer-account-management.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Computer Account Management diff --git a/windows/security/threat-protection/auditing/audit-credential-validation.md b/windows/security/threat-protection/auditing/audit-credential-validation.md index b04f1cb5a9..a5a9dc7158 100644 --- a/windows/security/threat-protection/auditing/audit-credential-validation.md +++ b/windows/security/threat-protection/auditing/audit-credential-validation.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Credential Validation diff --git a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md index 72f481f66b..7fffbad3df 100644 --- a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md +++ b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Detailed Directory Service Replication diff --git a/windows/security/threat-protection/auditing/audit-detailed-file-share.md b/windows/security/threat-protection/auditing/audit-detailed-file-share.md index 16b1667db6..9ec6b5c148 100644 --- a/windows/security/threat-protection/auditing/audit-detailed-file-share.md +++ b/windows/security/threat-protection/auditing/audit-detailed-file-share.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Detailed File Share diff --git a/windows/security/threat-protection/auditing/audit-directory-service-access.md b/windows/security/threat-protection/auditing/audit-directory-service-access.md index a70119e0d5..e58853650d 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-access.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-access.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Directory Service Access diff --git a/windows/security/threat-protection/auditing/audit-directory-service-changes.md b/windows/security/threat-protection/auditing/audit-directory-service-changes.md index 5aa0e36978..c9485389e9 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-changes.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-changes.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Directory Service Changes diff --git a/windows/security/threat-protection/auditing/audit-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-directory-service-replication.md index f9c45299fe..046dd9a1e7 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-replication.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-replication.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Directory Service Replication diff --git a/windows/security/threat-protection/auditing/audit-distribution-group-management.md b/windows/security/threat-protection/auditing/audit-distribution-group-management.md index 23341f0d60..8eb5bb988c 100644 --- a/windows/security/threat-protection/auditing/audit-distribution-group-management.md +++ b/windows/security/threat-protection/auditing/audit-distribution-group-management.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Distribution Group Management diff --git a/windows/security/threat-protection/auditing/audit-dpapi-activity.md b/windows/security/threat-protection/auditing/audit-dpapi-activity.md index bc24e85d75..79dbf17692 100644 --- a/windows/security/threat-protection/auditing/audit-dpapi-activity.md +++ b/windows/security/threat-protection/auditing/audit-dpapi-activity.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit DPAPI Activity diff --git a/windows/security/threat-protection/auditing/audit-file-share.md b/windows/security/threat-protection/auditing/audit-file-share.md index 59c2d6638e..577c138f46 100644 --- a/windows/security/threat-protection/auditing/audit-file-share.md +++ b/windows/security/threat-protection/auditing/audit-file-share.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit File Share diff --git a/windows/security/threat-protection/auditing/audit-file-system.md b/windows/security/threat-protection/auditing/audit-file-system.md index c9a66ed82e..037faaf8f4 100644 --- a/windows/security/threat-protection/auditing/audit-file-system.md +++ b/windows/security/threat-protection/auditing/audit-file-system.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit File System diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md index 7984928783..5877ab26f1 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Filtering Platform Connection diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md index 15c0bc27d2..9003cab47c 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Filtering Platform Packet Drop diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md index b8f192cccd..1a4cab1153 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Filtering Platform Policy Change diff --git a/windows/security/threat-protection/auditing/audit-group-membership.md b/windows/security/threat-protection/auditing/audit-group-membership.md index b3740aca1a..9f32d9d336 100644 --- a/windows/security/threat-protection/auditing/audit-group-membership.md +++ b/windows/security/threat-protection/auditing/audit-group-membership.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Group Membership diff --git a/windows/security/threat-protection/auditing/audit-handle-manipulation.md b/windows/security/threat-protection/auditing/audit-handle-manipulation.md index c468ff02f3..50470902eb 100644 --- a/windows/security/threat-protection/auditing/audit-handle-manipulation.md +++ b/windows/security/threat-protection/auditing/audit-handle-manipulation.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Handle Manipulation diff --git a/windows/security/threat-protection/auditing/audit-ipsec-driver.md b/windows/security/threat-protection/auditing/audit-ipsec-driver.md index dc52d2d90e..cfcefafd36 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-driver.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-driver.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit IPsec Driver diff --git a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md index 92e2d71f5e..33bfbb485d 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit IPsec Extended Mode diff --git a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md index 965715efa2..7f1d59e38c 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit IPsec Main Mode diff --git a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md index 7a8be4ff82..869e1f4dcf 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit IPsec Quick Mode diff --git a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md index 98a1c8f558..4ed0bce866 100644 --- a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md +++ b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Kerberos Authentication Service diff --git a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md index 135c2882b7..ed3c49dfef 100644 --- a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md +++ b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Kerberos Service Ticket Operations diff --git a/windows/security/threat-protection/auditing/audit-kernel-object.md b/windows/security/threat-protection/auditing/audit-kernel-object.md index bb5d6d221a..0dd8928c22 100644 --- a/windows/security/threat-protection/auditing/audit-kernel-object.md +++ b/windows/security/threat-protection/auditing/audit-kernel-object.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Kernel Object diff --git a/windows/security/threat-protection/auditing/audit-logoff.md b/windows/security/threat-protection/auditing/audit-logoff.md index b6108a6488..6a1f7f33ef 100644 --- a/windows/security/threat-protection/auditing/audit-logoff.md +++ b/windows/security/threat-protection/auditing/audit-logoff.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Logoff diff --git a/windows/security/threat-protection/auditing/audit-logon.md b/windows/security/threat-protection/auditing/audit-logon.md index 74e7fe7f8f..4b78d70722 100644 --- a/windows/security/threat-protection/auditing/audit-logon.md +++ b/windows/security/threat-protection/auditing/audit-logon.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Logon diff --git a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md index a441c97c4c..4081cf31a9 100644 --- a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit MPSSVC Rule-Level Policy Change diff --git a/windows/security/threat-protection/auditing/audit-network-policy-server.md b/windows/security/threat-protection/auditing/audit-network-policy-server.md index 6c9a0fb877..2501fecc08 100644 --- a/windows/security/threat-protection/auditing/audit-network-policy-server.md +++ b/windows/security/threat-protection/auditing/audit-network-policy-server.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Network Policy Server diff --git a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md index b9920a8900..01b3fb153f 100644 --- a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md +++ b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Non-Sensitive Privilege Use diff --git a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md index 23ab2587a5..23ee128d63 100644 --- a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md +++ b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Other Account Logon Events diff --git a/windows/security/threat-protection/auditing/audit-other-account-management-events.md b/windows/security/threat-protection/auditing/audit-other-account-management-events.md index 7d8e27c634..8f3d985309 100644 --- a/windows/security/threat-protection/auditing/audit-other-account-management-events.md +++ b/windows/security/threat-protection/auditing/audit-other-account-management-events.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Other Account Management Events diff --git a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md index 43e4b822aa..789ab297be 100644 --- a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md +++ b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Other Logon/Logoff Events diff --git a/windows/security/threat-protection/auditing/audit-other-object-access-events.md b/windows/security/threat-protection/auditing/audit-other-object-access-events.md index 901c4b5a7e..5dc0923e42 100644 --- a/windows/security/threat-protection/auditing/audit-other-object-access-events.md +++ b/windows/security/threat-protection/auditing/audit-other-object-access-events.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Other Object Access Events diff --git a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md index 776b3fdec9..d088e9f929 100644 --- a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md +++ b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Other Policy Change Events diff --git a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md index 97a8de3544..c2487a6b33 100644 --- a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md +++ b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Other Privilege Use Events diff --git a/windows/security/threat-protection/auditing/audit-other-system-events.md b/windows/security/threat-protection/auditing/audit-other-system-events.md index 015eb3ddea..63cfb375b0 100644 --- a/windows/security/threat-protection/auditing/audit-other-system-events.md +++ b/windows/security/threat-protection/auditing/audit-other-system-events.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Other System Events diff --git a/windows/security/threat-protection/auditing/audit-pnp-activity.md b/windows/security/threat-protection/auditing/audit-pnp-activity.md index da07e88f35..224eae5fcb 100644 --- a/windows/security/threat-protection/auditing/audit-pnp-activity.md +++ b/windows/security/threat-protection/auditing/audit-pnp-activity.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit PNP Activity diff --git a/windows/security/threat-protection/auditing/audit-process-creation.md b/windows/security/threat-protection/auditing/audit-process-creation.md index 3eb6dcf190..07b283ace9 100644 --- a/windows/security/threat-protection/auditing/audit-process-creation.md +++ b/windows/security/threat-protection/auditing/audit-process-creation.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 03/16/2022 ms.technology: itpro-security +ms.topic: reference --- # Audit Process Creation diff --git a/windows/security/threat-protection/auditing/audit-process-termination.md b/windows/security/threat-protection/auditing/audit-process-termination.md index 60a0a05de7..b156ba658a 100644 --- a/windows/security/threat-protection/auditing/audit-process-termination.md +++ b/windows/security/threat-protection/auditing/audit-process-termination.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Process Termination diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md index e67da43c3e..a4423aeb52 100644 --- a/windows/security/threat-protection/auditing/audit-registry.md +++ b/windows/security/threat-protection/auditing/audit-registry.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 01/05/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Registry diff --git a/windows/security/threat-protection/auditing/audit-removable-storage.md b/windows/security/threat-protection/auditing/audit-removable-storage.md index 4277dd71c8..c9d2586107 100644 --- a/windows/security/threat-protection/auditing/audit-removable-storage.md +++ b/windows/security/threat-protection/auditing/audit-removable-storage.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Removable Storage diff --git a/windows/security/threat-protection/auditing/audit-rpc-events.md b/windows/security/threat-protection/auditing/audit-rpc-events.md index 27dc6938be..bee389855a 100644 --- a/windows/security/threat-protection/auditing/audit-rpc-events.md +++ b/windows/security/threat-protection/auditing/audit-rpc-events.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit RPC Events diff --git a/windows/security/threat-protection/auditing/audit-sam.md b/windows/security/threat-protection/auditing/audit-sam.md index 1f295079c7..c92e7d5ba5 100644 --- a/windows/security/threat-protection/auditing/audit-sam.md +++ b/windows/security/threat-protection/auditing/audit-sam.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit SAM diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md index 6fe81c704f..0564c257b6 100644 --- a/windows/security/threat-protection/auditing/audit-security-group-management.md +++ b/windows/security/threat-protection/auditing/audit-security-group-management.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Security Group Management diff --git a/windows/security/threat-protection/auditing/audit-security-state-change.md b/windows/security/threat-protection/auditing/audit-security-state-change.md index 94c6d1f229..25686b4f33 100644 --- a/windows/security/threat-protection/auditing/audit-security-state-change.md +++ b/windows/security/threat-protection/auditing/audit-security-state-change.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Security State Change diff --git a/windows/security/threat-protection/auditing/audit-security-system-extension.md b/windows/security/threat-protection/auditing/audit-security-system-extension.md index fbda6e4cbb..72a72a15aa 100644 --- a/windows/security/threat-protection/auditing/audit-security-system-extension.md +++ b/windows/security/threat-protection/auditing/audit-security-system-extension.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Security System Extension diff --git a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md index eb8714f152..c79520f698 100644 --- a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md +++ b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Sensitive Privilege Use diff --git a/windows/security/threat-protection/auditing/audit-special-logon.md b/windows/security/threat-protection/auditing/audit-special-logon.md index 8f865d11bc..e9958ffa2e 100644 --- a/windows/security/threat-protection/auditing/audit-special-logon.md +++ b/windows/security/threat-protection/auditing/audit-special-logon.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit Special Logon diff --git a/windows/security/threat-protection/auditing/audit-system-integrity.md b/windows/security/threat-protection/auditing/audit-system-integrity.md index 761abff74a..4a313d8ae0 100644 --- a/windows/security/threat-protection/auditing/audit-system-integrity.md +++ b/windows/security/threat-protection/auditing/audit-system-integrity.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit System Integrity diff --git a/windows/security/threat-protection/auditing/audit-user-account-management.md b/windows/security/threat-protection/auditing/audit-user-account-management.md index 7efa2301e3..2faba55a60 100644 --- a/windows/security/threat-protection/auditing/audit-user-account-management.md +++ b/windows/security/threat-protection/auditing/audit-user-account-management.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit User Account Management diff --git a/windows/security/threat-protection/auditing/audit-user-device-claims.md b/windows/security/threat-protection/auditing/audit-user-device-claims.md index 750c5568ca..e22930f47a 100644 --- a/windows/security/threat-protection/auditing/audit-user-device-claims.md +++ b/windows/security/threat-protection/auditing/audit-user-device-claims.md @@ -13,6 +13,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: itpro-security +ms.topic: reference --- # Audit User/Device Claims diff --git a/windows/security/threat-protection/auditing/event-1100.md b/windows/security/threat-protection/auditing/event-1100.md index b5e2bfaf89..b0606e87da 100644 --- a/windows/security/threat-protection/auditing/event-1100.md +++ b/windows/security/threat-protection/auditing/event-1100.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 1100(S): The event logging service has shut down. diff --git a/windows/security/threat-protection/auditing/event-1102.md b/windows/security/threat-protection/auditing/event-1102.md index 3da9fc2a33..c319070f2a 100644 --- a/windows/security/threat-protection/auditing/event-1102.md +++ b/windows/security/threat-protection/auditing/event-1102.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 1102(S): The audit log was cleared. diff --git a/windows/security/threat-protection/auditing/event-1104.md b/windows/security/threat-protection/auditing/event-1104.md index 71e08f1f79..7768b7a43a 100644 --- a/windows/security/threat-protection/auditing/event-1104.md +++ b/windows/security/threat-protection/auditing/event-1104.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 1104(S): The security log is now full. diff --git a/windows/security/threat-protection/auditing/event-1105.md b/windows/security/threat-protection/auditing/event-1105.md index 6eea66a2d6..2c10dd205e 100644 --- a/windows/security/threat-protection/auditing/event-1105.md +++ b/windows/security/threat-protection/auditing/event-1105.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 1105(S): Event log automatic backup diff --git a/windows/security/threat-protection/auditing/event-1108.md b/windows/security/threat-protection/auditing/event-1108.md index 3ef547a322..3412104704 100644 --- a/windows/security/threat-protection/auditing/event-1108.md +++ b/windows/security/threat-protection/auditing/event-1108.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 1108(S): The event logging service encountered an error while processing an incoming event published from %1. diff --git a/windows/security/threat-protection/auditing/event-4608.md b/windows/security/threat-protection/auditing/event-4608.md index 51e0c51819..bbcb45e073 100644 --- a/windows/security/threat-protection/auditing/event-4608.md +++ b/windows/security/threat-protection/auditing/event-4608.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4608(S): Windows is starting up. diff --git a/windows/security/threat-protection/auditing/event-4610.md b/windows/security/threat-protection/auditing/event-4610.md index cbb410b55d..2307a50732 100644 --- a/windows/security/threat-protection/auditing/event-4610.md +++ b/windows/security/threat-protection/auditing/event-4610.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4610(S): An authentication package has been loaded by the Local Security Authority. diff --git a/windows/security/threat-protection/auditing/event-4611.md b/windows/security/threat-protection/auditing/event-4611.md index 0f4b7b7a55..54b57cc223 100644 --- a/windows/security/threat-protection/auditing/event-4611.md +++ b/windows/security/threat-protection/auditing/event-4611.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4611(S): A trusted logon process has been registered with the Local Security Authority. diff --git a/windows/security/threat-protection/auditing/event-4612.md b/windows/security/threat-protection/auditing/event-4612.md index 15ba866bce..111fa80c83 100644 --- a/windows/security/threat-protection/auditing/event-4612.md +++ b/windows/security/threat-protection/auditing/event-4612.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4612(S): Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits. diff --git a/windows/security/threat-protection/auditing/event-4614.md b/windows/security/threat-protection/auditing/event-4614.md index 1dbbdeeefe..edb915b91d 100644 --- a/windows/security/threat-protection/auditing/event-4614.md +++ b/windows/security/threat-protection/auditing/event-4614.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4614(S): A notification package has been loaded by the Security Account Manager. diff --git a/windows/security/threat-protection/auditing/event-4615.md b/windows/security/threat-protection/auditing/event-4615.md index d3cd763690..f74209909e 100644 --- a/windows/security/threat-protection/auditing/event-4615.md +++ b/windows/security/threat-protection/auditing/event-4615.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4615(S): Invalid use of LPC port. diff --git a/windows/security/threat-protection/auditing/event-4616.md b/windows/security/threat-protection/auditing/event-4616.md index dfd4eb58db..166b695ebb 100644 --- a/windows/security/threat-protection/auditing/event-4616.md +++ b/windows/security/threat-protection/auditing/event-4616.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4616(S): The system time was changed. diff --git a/windows/security/threat-protection/auditing/event-4618.md b/windows/security/threat-protection/auditing/event-4618.md index dcbe79c3ac..f35815a20c 100644 --- a/windows/security/threat-protection/auditing/event-4618.md +++ b/windows/security/threat-protection/auditing/event-4618.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4618(S): A monitored security event pattern has occurred. diff --git a/windows/security/threat-protection/auditing/event-4621.md b/windows/security/threat-protection/auditing/event-4621.md index 8d85ca11c8..64e4f81134 100644 --- a/windows/security/threat-protection/auditing/event-4621.md +++ b/windows/security/threat-protection/auditing/event-4621.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4621(S): Administrator recovered system from CrashOnAuditFail. diff --git a/windows/security/threat-protection/auditing/event-4622.md b/windows/security/threat-protection/auditing/event-4622.md index b4d338e351..5dc147c077 100644 --- a/windows/security/threat-protection/auditing/event-4622.md +++ b/windows/security/threat-protection/auditing/event-4622.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4622(S): A security package has been loaded by the Local Security Authority. diff --git a/windows/security/threat-protection/auditing/event-4624.md b/windows/security/threat-protection/auditing/event-4624.md index 9a2a4e5b64..d505b5d9ef 100644 --- a/windows/security/threat-protection/auditing/event-4624.md +++ b/windows/security/threat-protection/auditing/event-4624.md @@ -14,6 +14,7 @@ ms.author: vinpa ms.technology: itpro-security ms.collection: - highpri +ms.topic: reference --- # 4624(S): An account was successfully logged on. diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md index 8030b3d479..81657a6361 100644 --- a/windows/security/threat-protection/auditing/event-4625.md +++ b/windows/security/threat-protection/auditing/event-4625.md @@ -14,6 +14,7 @@ ms.author: vinpa ms.technology: itpro-security ms.collection: - highpri +ms.topic: reference --- # 4625(F): An account failed to log on. diff --git a/windows/security/threat-protection/auditing/event-4626.md b/windows/security/threat-protection/auditing/event-4626.md index d855d40847..addb26abce 100644 --- a/windows/security/threat-protection/auditing/event-4626.md +++ b/windows/security/threat-protection/auditing/event-4626.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4626(S): User/Device claims information. diff --git a/windows/security/threat-protection/auditing/event-4627.md b/windows/security/threat-protection/auditing/event-4627.md index b86dcd5739..0da1f08aee 100644 --- a/windows/security/threat-protection/auditing/event-4627.md +++ b/windows/security/threat-protection/auditing/event-4627.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4627(S): Group membership information. diff --git a/windows/security/threat-protection/auditing/event-4634.md b/windows/security/threat-protection/auditing/event-4634.md index 467dedd19f..6d8ed22539 100644 --- a/windows/security/threat-protection/auditing/event-4634.md +++ b/windows/security/threat-protection/auditing/event-4634.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4634(S): An account was logged off. diff --git a/windows/security/threat-protection/auditing/event-4647.md b/windows/security/threat-protection/auditing/event-4647.md index 9ff4d6507e..64c7e02466 100644 --- a/windows/security/threat-protection/auditing/event-4647.md +++ b/windows/security/threat-protection/auditing/event-4647.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4647(S): User initiated logoff. diff --git a/windows/security/threat-protection/auditing/event-4648.md b/windows/security/threat-protection/auditing/event-4648.md index b0cab6c7cd..5ffebb9c04 100644 --- a/windows/security/threat-protection/auditing/event-4648.md +++ b/windows/security/threat-protection/auditing/event-4648.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4648(S): A logon was attempted using explicit credentials. diff --git a/windows/security/threat-protection/auditing/event-4649.md b/windows/security/threat-protection/auditing/event-4649.md index 4447ed9ef5..98a1c9ad18 100644 --- a/windows/security/threat-protection/auditing/event-4649.md +++ b/windows/security/threat-protection/auditing/event-4649.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4649(S): A replay attack was detected. diff --git a/windows/security/threat-protection/auditing/event-4656.md b/windows/security/threat-protection/auditing/event-4656.md index 4f9aa3d55a..7d974fa3fa 100644 --- a/windows/security/threat-protection/auditing/event-4656.md +++ b/windows/security/threat-protection/auditing/event-4656.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4656(S, F): A handle to an object was requested. diff --git a/windows/security/threat-protection/auditing/event-4657.md b/windows/security/threat-protection/auditing/event-4657.md index fbe96e603d..cb4ecc3ae1 100644 --- a/windows/security/threat-protection/auditing/event-4657.md +++ b/windows/security/threat-protection/auditing/event-4657.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4657(S): A registry value was modified. diff --git a/windows/security/threat-protection/auditing/event-4658.md b/windows/security/threat-protection/auditing/event-4658.md index c577dd8cb1..532558cd00 100644 --- a/windows/security/threat-protection/auditing/event-4658.md +++ b/windows/security/threat-protection/auditing/event-4658.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4658(S): The handle to an object was closed. diff --git a/windows/security/threat-protection/auditing/event-4660.md b/windows/security/threat-protection/auditing/event-4660.md index 52e57a1502..b0124437c6 100644 --- a/windows/security/threat-protection/auditing/event-4660.md +++ b/windows/security/threat-protection/auditing/event-4660.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4660(S): An object was deleted. diff --git a/windows/security/threat-protection/auditing/event-4661.md b/windows/security/threat-protection/auditing/event-4661.md index bf8b9b0543..383989f443 100644 --- a/windows/security/threat-protection/auditing/event-4661.md +++ b/windows/security/threat-protection/auditing/event-4661.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4661(S, F): A handle to an object was requested. diff --git a/windows/security/threat-protection/auditing/event-4662.md b/windows/security/threat-protection/auditing/event-4662.md index cdc37e9ac3..cf19827489 100644 --- a/windows/security/threat-protection/auditing/event-4662.md +++ b/windows/security/threat-protection/auditing/event-4662.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4662(S, F): An operation was performed on an object. diff --git a/windows/security/threat-protection/auditing/event-4663.md b/windows/security/threat-protection/auditing/event-4663.md index e92604294e..cf790af491 100644 --- a/windows/security/threat-protection/auditing/event-4663.md +++ b/windows/security/threat-protection/auditing/event-4663.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4663(S): An attempt was made to access an object. diff --git a/windows/security/threat-protection/auditing/event-4664.md b/windows/security/threat-protection/auditing/event-4664.md index 5d20d8cbda..0a27e27f7d 100644 --- a/windows/security/threat-protection/auditing/event-4664.md +++ b/windows/security/threat-protection/auditing/event-4664.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4664(S): An attempt was made to create a hard link. diff --git a/windows/security/threat-protection/auditing/event-4670.md b/windows/security/threat-protection/auditing/event-4670.md index 1775901f8b..9509f490e5 100644 --- a/windows/security/threat-protection/auditing/event-4670.md +++ b/windows/security/threat-protection/auditing/event-4670.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4670(S): Permissions on an object were changed. diff --git a/windows/security/threat-protection/auditing/event-4671.md b/windows/security/threat-protection/auditing/event-4671.md index 7a1ee6965a..3215da12d8 100644 --- a/windows/security/threat-protection/auditing/event-4671.md +++ b/windows/security/threat-protection/auditing/event-4671.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4671(-): An application attempted to access a blocked ordinal through the TBS. diff --git a/windows/security/threat-protection/auditing/event-4672.md b/windows/security/threat-protection/auditing/event-4672.md index 25a4365bb7..3b61e352a2 100644 --- a/windows/security/threat-protection/auditing/event-4672.md +++ b/windows/security/threat-protection/auditing/event-4672.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4672(S): Special privileges assigned to new logon. diff --git a/windows/security/threat-protection/auditing/event-4673.md b/windows/security/threat-protection/auditing/event-4673.md index e4ba4b8a01..e63486e9fa 100644 --- a/windows/security/threat-protection/auditing/event-4673.md +++ b/windows/security/threat-protection/auditing/event-4673.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4673(S, F): A privileged service was called. diff --git a/windows/security/threat-protection/auditing/event-4674.md b/windows/security/threat-protection/auditing/event-4674.md index 09b8e8a50e..11f8c3fb62 100644 --- a/windows/security/threat-protection/auditing/event-4674.md +++ b/windows/security/threat-protection/auditing/event-4674.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4674(S, F): An operation was attempted on a privileged object. diff --git a/windows/security/threat-protection/auditing/event-4675.md b/windows/security/threat-protection/auditing/event-4675.md index 8a6b84b8e9..6daf08eef3 100644 --- a/windows/security/threat-protection/auditing/event-4675.md +++ b/windows/security/threat-protection/auditing/event-4675.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4675(S): SIDs were filtered. diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md index 2416040af7..5742fbd554 100644 --- a/windows/security/threat-protection/auditing/event-4688.md +++ b/windows/security/threat-protection/auditing/event-4688.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4688(S): A new process has been created. (Windows 10) diff --git a/windows/security/threat-protection/auditing/event-4689.md b/windows/security/threat-protection/auditing/event-4689.md index e64fd85f5a..f2014c9a1e 100644 --- a/windows/security/threat-protection/auditing/event-4689.md +++ b/windows/security/threat-protection/auditing/event-4689.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4689(S): A process has exited. diff --git a/windows/security/threat-protection/auditing/event-4690.md b/windows/security/threat-protection/auditing/event-4690.md index 25c57686e5..e0b54b2afe 100644 --- a/windows/security/threat-protection/auditing/event-4690.md +++ b/windows/security/threat-protection/auditing/event-4690.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4690(S): An attempt was made to duplicate a handle to an object. diff --git a/windows/security/threat-protection/auditing/event-4691.md b/windows/security/threat-protection/auditing/event-4691.md index 140889746d..62f92ce75d 100644 --- a/windows/security/threat-protection/auditing/event-4691.md +++ b/windows/security/threat-protection/auditing/event-4691.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4691(S): Indirect access to an object was requested. diff --git a/windows/security/threat-protection/auditing/event-4692.md b/windows/security/threat-protection/auditing/event-4692.md index ac9b7268ca..fb56e8e4c9 100644 --- a/windows/security/threat-protection/auditing/event-4692.md +++ b/windows/security/threat-protection/auditing/event-4692.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4692(S, F): Backup of data protection master key was attempted. diff --git a/windows/security/threat-protection/auditing/event-4693.md b/windows/security/threat-protection/auditing/event-4693.md index 219798f08e..bd99d76424 100644 --- a/windows/security/threat-protection/auditing/event-4693.md +++ b/windows/security/threat-protection/auditing/event-4693.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4693(S, F): Recovery of data protection master key was attempted. diff --git a/windows/security/threat-protection/auditing/event-4694.md b/windows/security/threat-protection/auditing/event-4694.md index dc24a37fc9..f66fb36e4d 100644 --- a/windows/security/threat-protection/auditing/event-4694.md +++ b/windows/security/threat-protection/auditing/event-4694.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4694(S, F): Protection of auditable protected data was attempted. diff --git a/windows/security/threat-protection/auditing/event-4695.md b/windows/security/threat-protection/auditing/event-4695.md index 78c1b43834..68c0ac644a 100644 --- a/windows/security/threat-protection/auditing/event-4695.md +++ b/windows/security/threat-protection/auditing/event-4695.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4695(S, F): Unprotection of auditable protected data was attempted. diff --git a/windows/security/threat-protection/auditing/event-4696.md b/windows/security/threat-protection/auditing/event-4696.md index 16c7a8e333..fc3d8432ee 100644 --- a/windows/security/threat-protection/auditing/event-4696.md +++ b/windows/security/threat-protection/auditing/event-4696.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4696(S): A primary token was assigned to process. diff --git a/windows/security/threat-protection/auditing/event-4697.md b/windows/security/threat-protection/auditing/event-4697.md index 348ae3a7a9..5d1072f99b 100644 --- a/windows/security/threat-protection/auditing/event-4697.md +++ b/windows/security/threat-protection/auditing/event-4697.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4697(S): A service was installed in the system. diff --git a/windows/security/threat-protection/auditing/event-4698.md b/windows/security/threat-protection/auditing/event-4698.md index 7eb2d41a68..cfbe0e3f96 100644 --- a/windows/security/threat-protection/auditing/event-4698.md +++ b/windows/security/threat-protection/auditing/event-4698.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4698(S): A scheduled task was created. diff --git a/windows/security/threat-protection/auditing/event-4699.md b/windows/security/threat-protection/auditing/event-4699.md index 258b0a31d3..56935a1da0 100644 --- a/windows/security/threat-protection/auditing/event-4699.md +++ b/windows/security/threat-protection/auditing/event-4699.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4699(S): A scheduled task was deleted. diff --git a/windows/security/threat-protection/auditing/event-4700.md b/windows/security/threat-protection/auditing/event-4700.md index aa1ef1cc10..3c45c92cf4 100644 --- a/windows/security/threat-protection/auditing/event-4700.md +++ b/windows/security/threat-protection/auditing/event-4700.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4700(S): A scheduled task was enabled. diff --git a/windows/security/threat-protection/auditing/event-4701.md b/windows/security/threat-protection/auditing/event-4701.md index 11a6147179..0a9639837b 100644 --- a/windows/security/threat-protection/auditing/event-4701.md +++ b/windows/security/threat-protection/auditing/event-4701.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4701(S): A scheduled task was disabled. diff --git a/windows/security/threat-protection/auditing/event-4702.md b/windows/security/threat-protection/auditing/event-4702.md index a738b7753e..96c7f0b93b 100644 --- a/windows/security/threat-protection/auditing/event-4702.md +++ b/windows/security/threat-protection/auditing/event-4702.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4702(S): A scheduled task was updated. diff --git a/windows/security/threat-protection/auditing/event-4703.md b/windows/security/threat-protection/auditing/event-4703.md index b4571317fc..f10d935aa1 100644 --- a/windows/security/threat-protection/auditing/event-4703.md +++ b/windows/security/threat-protection/auditing/event-4703.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4703(S): A user right was adjusted. diff --git a/windows/security/threat-protection/auditing/event-4704.md b/windows/security/threat-protection/auditing/event-4704.md index 0780690284..4b0b4ef478 100644 --- a/windows/security/threat-protection/auditing/event-4704.md +++ b/windows/security/threat-protection/auditing/event-4704.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4704(S): A user right was assigned. diff --git a/windows/security/threat-protection/auditing/event-4705.md b/windows/security/threat-protection/auditing/event-4705.md index afd7149169..c66295ce0d 100644 --- a/windows/security/threat-protection/auditing/event-4705.md +++ b/windows/security/threat-protection/auditing/event-4705.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4705(S): A user right was removed. diff --git a/windows/security/threat-protection/auditing/event-4706.md b/windows/security/threat-protection/auditing/event-4706.md index c6ff0bb373..01ce8db4cd 100644 --- a/windows/security/threat-protection/auditing/event-4706.md +++ b/windows/security/threat-protection/auditing/event-4706.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4706(S): A new trust was created to a domain. diff --git a/windows/security/threat-protection/auditing/event-4707.md b/windows/security/threat-protection/auditing/event-4707.md index 28b13b2cb0..a47a9ea3ea 100644 --- a/windows/security/threat-protection/auditing/event-4707.md +++ b/windows/security/threat-protection/auditing/event-4707.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4707(S): A trust to a domain was removed. diff --git a/windows/security/threat-protection/auditing/event-4713.md b/windows/security/threat-protection/auditing/event-4713.md index e92aa50675..218134046e 100644 --- a/windows/security/threat-protection/auditing/event-4713.md +++ b/windows/security/threat-protection/auditing/event-4713.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4713(S): Kerberos policy was changed. diff --git a/windows/security/threat-protection/auditing/event-4714.md b/windows/security/threat-protection/auditing/event-4714.md index 77709fc5c7..fc40a49c6e 100644 --- a/windows/security/threat-protection/auditing/event-4714.md +++ b/windows/security/threat-protection/auditing/event-4714.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4714(S): Encrypted data recovery policy was changed. diff --git a/windows/security/threat-protection/auditing/event-4715.md b/windows/security/threat-protection/auditing/event-4715.md index 82b24bae92..f128397767 100644 --- a/windows/security/threat-protection/auditing/event-4715.md +++ b/windows/security/threat-protection/auditing/event-4715.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4715(S): The audit policy (SACL) on an object was changed. diff --git a/windows/security/threat-protection/auditing/event-4716.md b/windows/security/threat-protection/auditing/event-4716.md index f6d57fece2..64f3140ad0 100644 --- a/windows/security/threat-protection/auditing/event-4716.md +++ b/windows/security/threat-protection/auditing/event-4716.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4716(S): Trusted domain information was modified. diff --git a/windows/security/threat-protection/auditing/event-4717.md b/windows/security/threat-protection/auditing/event-4717.md index dc449a8758..8a1f14e022 100644 --- a/windows/security/threat-protection/auditing/event-4717.md +++ b/windows/security/threat-protection/auditing/event-4717.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4717(S): System security access was granted to an account. diff --git a/windows/security/threat-protection/auditing/event-4718.md b/windows/security/threat-protection/auditing/event-4718.md index 7a47fa5d37..e8ec6b8039 100644 --- a/windows/security/threat-protection/auditing/event-4718.md +++ b/windows/security/threat-protection/auditing/event-4718.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4718(S): System security access was removed from an account. diff --git a/windows/security/threat-protection/auditing/event-4719.md b/windows/security/threat-protection/auditing/event-4719.md index 97711ffdf7..dae615acf4 100644 --- a/windows/security/threat-protection/auditing/event-4719.md +++ b/windows/security/threat-protection/auditing/event-4719.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4719(S): System audit policy was changed. diff --git a/windows/security/threat-protection/auditing/event-4720.md b/windows/security/threat-protection/auditing/event-4720.md index bb732fd1dd..b53966664d 100644 --- a/windows/security/threat-protection/auditing/event-4720.md +++ b/windows/security/threat-protection/auditing/event-4720.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4720(S): A user account was created. diff --git a/windows/security/threat-protection/auditing/event-4722.md b/windows/security/threat-protection/auditing/event-4722.md index 1d82961714..4388873aa0 100644 --- a/windows/security/threat-protection/auditing/event-4722.md +++ b/windows/security/threat-protection/auditing/event-4722.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4722(S): A user account was enabled. diff --git a/windows/security/threat-protection/auditing/event-4723.md b/windows/security/threat-protection/auditing/event-4723.md index f63004d706..8b8b7975a1 100644 --- a/windows/security/threat-protection/auditing/event-4723.md +++ b/windows/security/threat-protection/auditing/event-4723.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4723(S, F): An attempt was made to change an account's password. diff --git a/windows/security/threat-protection/auditing/event-4724.md b/windows/security/threat-protection/auditing/event-4724.md index a36b61acac..00c98b63e4 100644 --- a/windows/security/threat-protection/auditing/event-4724.md +++ b/windows/security/threat-protection/auditing/event-4724.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4724(S, F): An attempt was made to reset an account's password. diff --git a/windows/security/threat-protection/auditing/event-4725.md b/windows/security/threat-protection/auditing/event-4725.md index 731fa570ad..ad5b546a6d 100644 --- a/windows/security/threat-protection/auditing/event-4725.md +++ b/windows/security/threat-protection/auditing/event-4725.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4725(S): A user account was disabled. diff --git a/windows/security/threat-protection/auditing/event-4726.md b/windows/security/threat-protection/auditing/event-4726.md index 620ba8bbeb..7df0779c4a 100644 --- a/windows/security/threat-protection/auditing/event-4726.md +++ b/windows/security/threat-protection/auditing/event-4726.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4726(S): A user account was deleted. diff --git a/windows/security/threat-protection/auditing/event-4731.md b/windows/security/threat-protection/auditing/event-4731.md index 39426b84ac..ca1c673af4 100644 --- a/windows/security/threat-protection/auditing/event-4731.md +++ b/windows/security/threat-protection/auditing/event-4731.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4731(S): A security-enabled local group was created. diff --git a/windows/security/threat-protection/auditing/event-4732.md b/windows/security/threat-protection/auditing/event-4732.md index e68eecbb3d..8afb300906 100644 --- a/windows/security/threat-protection/auditing/event-4732.md +++ b/windows/security/threat-protection/auditing/event-4732.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4732(S): A member was added to a security-enabled local group. diff --git a/windows/security/threat-protection/auditing/event-4733.md b/windows/security/threat-protection/auditing/event-4733.md index b3dcf94109..3a24b2ef0f 100644 --- a/windows/security/threat-protection/auditing/event-4733.md +++ b/windows/security/threat-protection/auditing/event-4733.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4733(S): A member was removed from a security-enabled local group. diff --git a/windows/security/threat-protection/auditing/event-4734.md b/windows/security/threat-protection/auditing/event-4734.md index 2f83cfa9a5..ac2c5d7b93 100644 --- a/windows/security/threat-protection/auditing/event-4734.md +++ b/windows/security/threat-protection/auditing/event-4734.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4734(S): A security-enabled local group was deleted. diff --git a/windows/security/threat-protection/auditing/event-4735.md b/windows/security/threat-protection/auditing/event-4735.md index f590b87f44..4842263179 100644 --- a/windows/security/threat-protection/auditing/event-4735.md +++ b/windows/security/threat-protection/auditing/event-4735.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4735(S): A security-enabled local group was changed. diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md index ef5a72da75..63352ed67e 100644 --- a/windows/security/threat-protection/auditing/event-4738.md +++ b/windows/security/threat-protection/auditing/event-4738.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4738(S): A user account was changed. diff --git a/windows/security/threat-protection/auditing/event-4739.md b/windows/security/threat-protection/auditing/event-4739.md index 4ecbfdf064..d43bdb27e2 100644 --- a/windows/security/threat-protection/auditing/event-4739.md +++ b/windows/security/threat-protection/auditing/event-4739.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4739(S): Domain Policy was changed. diff --git a/windows/security/threat-protection/auditing/event-4740.md b/windows/security/threat-protection/auditing/event-4740.md index 63c75713f7..46c0cdcb9d 100644 --- a/windows/security/threat-protection/auditing/event-4740.md +++ b/windows/security/threat-protection/auditing/event-4740.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4740(S): A user account was locked out. diff --git a/windows/security/threat-protection/auditing/event-4741.md b/windows/security/threat-protection/auditing/event-4741.md index 0152e427a6..5245280f11 100644 --- a/windows/security/threat-protection/auditing/event-4741.md +++ b/windows/security/threat-protection/auditing/event-4741.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4741(S): A computer account was created. diff --git a/windows/security/threat-protection/auditing/event-4742.md b/windows/security/threat-protection/auditing/event-4742.md index de51f96421..3f5f9c2eb6 100644 --- a/windows/security/threat-protection/auditing/event-4742.md +++ b/windows/security/threat-protection/auditing/event-4742.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4742(S): A computer account was changed. diff --git a/windows/security/threat-protection/auditing/event-4743.md b/windows/security/threat-protection/auditing/event-4743.md index cfa007a9b7..50411689a9 100644 --- a/windows/security/threat-protection/auditing/event-4743.md +++ b/windows/security/threat-protection/auditing/event-4743.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4743(S): A computer account was deleted. diff --git a/windows/security/threat-protection/auditing/event-4749.md b/windows/security/threat-protection/auditing/event-4749.md index f49d9f6c7c..8293c95b2b 100644 --- a/windows/security/threat-protection/auditing/event-4749.md +++ b/windows/security/threat-protection/auditing/event-4749.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4749(S): A security-disabled global group was created. diff --git a/windows/security/threat-protection/auditing/event-4750.md b/windows/security/threat-protection/auditing/event-4750.md index aa3be8fba0..d106e10077 100644 --- a/windows/security/threat-protection/auditing/event-4750.md +++ b/windows/security/threat-protection/auditing/event-4750.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4750(S): A security-disabled global group was changed. diff --git a/windows/security/threat-protection/auditing/event-4751.md b/windows/security/threat-protection/auditing/event-4751.md index fdd8a37fcc..e3bdca780e 100644 --- a/windows/security/threat-protection/auditing/event-4751.md +++ b/windows/security/threat-protection/auditing/event-4751.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4751(S): A member was added to a security-disabled global group. diff --git a/windows/security/threat-protection/auditing/event-4752.md b/windows/security/threat-protection/auditing/event-4752.md index d49e422f9e..f6b4fc37dd 100644 --- a/windows/security/threat-protection/auditing/event-4752.md +++ b/windows/security/threat-protection/auditing/event-4752.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4752(S): A member was removed from a security-disabled global group. diff --git a/windows/security/threat-protection/auditing/event-4753.md b/windows/security/threat-protection/auditing/event-4753.md index b5f941a040..6bdf28a86b 100644 --- a/windows/security/threat-protection/auditing/event-4753.md +++ b/windows/security/threat-protection/auditing/event-4753.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4753(S): A security-disabled global group was deleted. diff --git a/windows/security/threat-protection/auditing/event-4764.md b/windows/security/threat-protection/auditing/event-4764.md index 85824b3df3..f959fc103a 100644 --- a/windows/security/threat-protection/auditing/event-4764.md +++ b/windows/security/threat-protection/auditing/event-4764.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4764(S): A group’s type was changed. diff --git a/windows/security/threat-protection/auditing/event-4765.md b/windows/security/threat-protection/auditing/event-4765.md index cf78144c6a..5789319e57 100644 --- a/windows/security/threat-protection/auditing/event-4765.md +++ b/windows/security/threat-protection/auditing/event-4765.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4765(S): SID History was added to an account. diff --git a/windows/security/threat-protection/auditing/event-4766.md b/windows/security/threat-protection/auditing/event-4766.md index 4178c53a80..4d0ec7ae25 100644 --- a/windows/security/threat-protection/auditing/event-4766.md +++ b/windows/security/threat-protection/auditing/event-4766.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4766(F): An attempt to add SID History to an account failed. diff --git a/windows/security/threat-protection/auditing/event-4767.md b/windows/security/threat-protection/auditing/event-4767.md index 21beb6c3ec..9dbf921ebf 100644 --- a/windows/security/threat-protection/auditing/event-4767.md +++ b/windows/security/threat-protection/auditing/event-4767.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4767(S): A user account was unlocked. diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index 1eded19698..936074fc72 100644 --- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4768(S, F): A Kerberos authentication ticket (TGT) was requested. diff --git a/windows/security/threat-protection/auditing/event-4769.md b/windows/security/threat-protection/auditing/event-4769.md index bcf3312248..e82434467c 100644 --- a/windows/security/threat-protection/auditing/event-4769.md +++ b/windows/security/threat-protection/auditing/event-4769.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4769(S, F): A Kerberos service ticket was requested. diff --git a/windows/security/threat-protection/auditing/event-4770.md b/windows/security/threat-protection/auditing/event-4770.md index b24835b3ba..2027d8504f 100644 --- a/windows/security/threat-protection/auditing/event-4770.md +++ b/windows/security/threat-protection/auditing/event-4770.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4770(S): A Kerberos service ticket was renewed. diff --git a/windows/security/threat-protection/auditing/event-4771.md b/windows/security/threat-protection/auditing/event-4771.md index 0d4c72e45f..3ca1095e98 100644 --- a/windows/security/threat-protection/auditing/event-4771.md +++ b/windows/security/threat-protection/auditing/event-4771.md @@ -14,6 +14,7 @@ ms.author: vinpa ms.technology: itpro-security ms.collection: - highpri +ms.topic: reference --- # 4771(F): Kerberos pre-authentication failed. diff --git a/windows/security/threat-protection/auditing/event-4772.md b/windows/security/threat-protection/auditing/event-4772.md index 54fdd53057..3c378ccc0b 100644 --- a/windows/security/threat-protection/auditing/event-4772.md +++ b/windows/security/threat-protection/auditing/event-4772.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4772(F): A Kerberos authentication ticket request failed. diff --git a/windows/security/threat-protection/auditing/event-4773.md b/windows/security/threat-protection/auditing/event-4773.md index e3ad7e5b20..30c32b9f8d 100644 --- a/windows/security/threat-protection/auditing/event-4773.md +++ b/windows/security/threat-protection/auditing/event-4773.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4773(F): A Kerberos service ticket request failed. diff --git a/windows/security/threat-protection/auditing/event-4774.md b/windows/security/threat-protection/auditing/event-4774.md index 4cf831e05b..2f9b37c352 100644 --- a/windows/security/threat-protection/auditing/event-4774.md +++ b/windows/security/threat-protection/auditing/event-4774.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4774(S, F): An account was mapped for logon diff --git a/windows/security/threat-protection/auditing/event-4775.md b/windows/security/threat-protection/auditing/event-4775.md index 285efe300f..8281bb27e5 100644 --- a/windows/security/threat-protection/auditing/event-4775.md +++ b/windows/security/threat-protection/auditing/event-4775.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4775(F): An account could not be mapped for logon. diff --git a/windows/security/threat-protection/auditing/event-4776.md b/windows/security/threat-protection/auditing/event-4776.md index cebb01a7c7..e411b647ce 100644 --- a/windows/security/threat-protection/auditing/event-4776.md +++ b/windows/security/threat-protection/auditing/event-4776.md @@ -14,6 +14,7 @@ ms.author: vinpa ms.technology: itpro-security ms.collection: - highpri +ms.topic: reference --- # 4776(S, F): The computer attempted to validate the credentials for an account. diff --git a/windows/security/threat-protection/auditing/event-4777.md b/windows/security/threat-protection/auditing/event-4777.md index 21749ac3ac..e534dbee25 100644 --- a/windows/security/threat-protection/auditing/event-4777.md +++ b/windows/security/threat-protection/auditing/event-4777.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4777(F): The domain controller failed to validate the credentials for an account. diff --git a/windows/security/threat-protection/auditing/event-4778.md b/windows/security/threat-protection/auditing/event-4778.md index f9f3175763..76aac3738e 100644 --- a/windows/security/threat-protection/auditing/event-4778.md +++ b/windows/security/threat-protection/auditing/event-4778.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4778(S): A session was reconnected to a Window Station. diff --git a/windows/security/threat-protection/auditing/event-4779.md b/windows/security/threat-protection/auditing/event-4779.md index 4edf0f6668..7f6568c1cb 100644 --- a/windows/security/threat-protection/auditing/event-4779.md +++ b/windows/security/threat-protection/auditing/event-4779.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4779(S): A session was disconnected from a Window Station. diff --git a/windows/security/threat-protection/auditing/event-4780.md b/windows/security/threat-protection/auditing/event-4780.md index 982fa983de..5195929a0e 100644 --- a/windows/security/threat-protection/auditing/event-4780.md +++ b/windows/security/threat-protection/auditing/event-4780.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4780(S): The ACL was set on accounts which are members of administrators groups. diff --git a/windows/security/threat-protection/auditing/event-4781.md b/windows/security/threat-protection/auditing/event-4781.md index 856cd7cb4b..fc2aaffc53 100644 --- a/windows/security/threat-protection/auditing/event-4781.md +++ b/windows/security/threat-protection/auditing/event-4781.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4781(S): The name of an account was changed. diff --git a/windows/security/threat-protection/auditing/event-4782.md b/windows/security/threat-protection/auditing/event-4782.md index 3a6d312600..a0615135c6 100644 --- a/windows/security/threat-protection/auditing/event-4782.md +++ b/windows/security/threat-protection/auditing/event-4782.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4782(S): The password hash of an account was accessed. diff --git a/windows/security/threat-protection/auditing/event-4793.md b/windows/security/threat-protection/auditing/event-4793.md index 7c64bea4eb..cc197ccb60 100644 --- a/windows/security/threat-protection/auditing/event-4793.md +++ b/windows/security/threat-protection/auditing/event-4793.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4793(S): The Password Policy Checking API was called. diff --git a/windows/security/threat-protection/auditing/event-4794.md b/windows/security/threat-protection/auditing/event-4794.md index 8519e79e9d..6bcb12e02c 100644 --- a/windows/security/threat-protection/auditing/event-4794.md +++ b/windows/security/threat-protection/auditing/event-4794.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4794(S, F): An attempt was made to set the Directory Services Restore Mode administrator password. diff --git a/windows/security/threat-protection/auditing/event-4798.md b/windows/security/threat-protection/auditing/event-4798.md index 396f15d0b2..696366f22d 100644 --- a/windows/security/threat-protection/auditing/event-4798.md +++ b/windows/security/threat-protection/auditing/event-4798.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4798(S): A user's local group membership was enumerated. diff --git a/windows/security/threat-protection/auditing/event-4799.md b/windows/security/threat-protection/auditing/event-4799.md index ad750b391e..1cf362be1d 100644 --- a/windows/security/threat-protection/auditing/event-4799.md +++ b/windows/security/threat-protection/auditing/event-4799.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4799(S): A security-enabled local group membership was enumerated. diff --git a/windows/security/threat-protection/auditing/event-4800.md b/windows/security/threat-protection/auditing/event-4800.md index 87f46d5a18..89c94ade64 100644 --- a/windows/security/threat-protection/auditing/event-4800.md +++ b/windows/security/threat-protection/auditing/event-4800.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4800(S): The workstation was locked. diff --git a/windows/security/threat-protection/auditing/event-4801.md b/windows/security/threat-protection/auditing/event-4801.md index f94c08e08f..906e46fcd3 100644 --- a/windows/security/threat-protection/auditing/event-4801.md +++ b/windows/security/threat-protection/auditing/event-4801.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4801(S): The workstation was unlocked. diff --git a/windows/security/threat-protection/auditing/event-4802.md b/windows/security/threat-protection/auditing/event-4802.md index 6590d5bd4b..1b423f29ee 100644 --- a/windows/security/threat-protection/auditing/event-4802.md +++ b/windows/security/threat-protection/auditing/event-4802.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4802(S): The screen saver was invoked. diff --git a/windows/security/threat-protection/auditing/event-4803.md b/windows/security/threat-protection/auditing/event-4803.md index 2c0e8d441b..247e3c704d 100644 --- a/windows/security/threat-protection/auditing/event-4803.md +++ b/windows/security/threat-protection/auditing/event-4803.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4803(S): The screen saver was dismissed. diff --git a/windows/security/threat-protection/auditing/event-4816.md b/windows/security/threat-protection/auditing/event-4816.md index 8d61ef6f9a..8636e1abef 100644 --- a/windows/security/threat-protection/auditing/event-4816.md +++ b/windows/security/threat-protection/auditing/event-4816.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4816(S): RPC detected an integrity violation while decrypting an incoming message. diff --git a/windows/security/threat-protection/auditing/event-4817.md b/windows/security/threat-protection/auditing/event-4817.md index 2cb3ae3794..ff20520062 100644 --- a/windows/security/threat-protection/auditing/event-4817.md +++ b/windows/security/threat-protection/auditing/event-4817.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4817(S): Auditing settings on object were changed. diff --git a/windows/security/threat-protection/auditing/event-4818.md b/windows/security/threat-protection/auditing/event-4818.md index 25c2111bd2..c884c2e7a8 100644 --- a/windows/security/threat-protection/auditing/event-4818.md +++ b/windows/security/threat-protection/auditing/event-4818.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4818(S): Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy. diff --git a/windows/security/threat-protection/auditing/event-4819.md b/windows/security/threat-protection/auditing/event-4819.md index 69743c28c7..e8bca4427e 100644 --- a/windows/security/threat-protection/auditing/event-4819.md +++ b/windows/security/threat-protection/auditing/event-4819.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4819(S): Central Access Policies on the machine have been changed. diff --git a/windows/security/threat-protection/auditing/event-4826.md b/windows/security/threat-protection/auditing/event-4826.md index 914961945b..001e6c6026 100644 --- a/windows/security/threat-protection/auditing/event-4826.md +++ b/windows/security/threat-protection/auditing/event-4826.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4826(S): Boot Configuration Data loaded. diff --git a/windows/security/threat-protection/auditing/event-4864.md b/windows/security/threat-protection/auditing/event-4864.md index e70836a75b..a26b552f4a 100644 --- a/windows/security/threat-protection/auditing/event-4864.md +++ b/windows/security/threat-protection/auditing/event-4864.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4864(S): A namespace collision was detected. diff --git a/windows/security/threat-protection/auditing/event-4865.md b/windows/security/threat-protection/auditing/event-4865.md index 76624588fc..aa44c9bb6a 100644 --- a/windows/security/threat-protection/auditing/event-4865.md +++ b/windows/security/threat-protection/auditing/event-4865.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4865(S): A trusted forest information entry was added. diff --git a/windows/security/threat-protection/auditing/event-4866.md b/windows/security/threat-protection/auditing/event-4866.md index 1e1b870506..1fcc07f446 100644 --- a/windows/security/threat-protection/auditing/event-4866.md +++ b/windows/security/threat-protection/auditing/event-4866.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4866(S): A trusted forest information entry was removed. diff --git a/windows/security/threat-protection/auditing/event-4867.md b/windows/security/threat-protection/auditing/event-4867.md index 24063dad9d..ce30699bfa 100644 --- a/windows/security/threat-protection/auditing/event-4867.md +++ b/windows/security/threat-protection/auditing/event-4867.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4867(S): A trusted forest information entry was modified. diff --git a/windows/security/threat-protection/auditing/event-4902.md b/windows/security/threat-protection/auditing/event-4902.md index 5b2a94af52..7185b9f3da 100644 --- a/windows/security/threat-protection/auditing/event-4902.md +++ b/windows/security/threat-protection/auditing/event-4902.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4902(S): The Per-user audit policy table was created. diff --git a/windows/security/threat-protection/auditing/event-4904.md b/windows/security/threat-protection/auditing/event-4904.md index fd9ee497a2..90858c5844 100644 --- a/windows/security/threat-protection/auditing/event-4904.md +++ b/windows/security/threat-protection/auditing/event-4904.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4904(S): An attempt was made to register a security event source. diff --git a/windows/security/threat-protection/auditing/event-4905.md b/windows/security/threat-protection/auditing/event-4905.md index c8ba9bb9c9..14eb6cfa8b 100644 --- a/windows/security/threat-protection/auditing/event-4905.md +++ b/windows/security/threat-protection/auditing/event-4905.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4905(S): An attempt was made to unregister a security event source. diff --git a/windows/security/threat-protection/auditing/event-4906.md b/windows/security/threat-protection/auditing/event-4906.md index 4913d0d431..2058342aa0 100644 --- a/windows/security/threat-protection/auditing/event-4906.md +++ b/windows/security/threat-protection/auditing/event-4906.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4906(S): The CrashOnAuditFail value has changed. diff --git a/windows/security/threat-protection/auditing/event-4907.md b/windows/security/threat-protection/auditing/event-4907.md index 70de13eecf..c38b66d51b 100644 --- a/windows/security/threat-protection/auditing/event-4907.md +++ b/windows/security/threat-protection/auditing/event-4907.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4907(S): Auditing settings on object were changed. diff --git a/windows/security/threat-protection/auditing/event-4908.md b/windows/security/threat-protection/auditing/event-4908.md index b5351ecbd4..3314e94436 100644 --- a/windows/security/threat-protection/auditing/event-4908.md +++ b/windows/security/threat-protection/auditing/event-4908.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4908(S): Special Groups Logon table modified. diff --git a/windows/security/threat-protection/auditing/event-4909.md b/windows/security/threat-protection/auditing/event-4909.md index ab35104b88..8a8631489a 100644 --- a/windows/security/threat-protection/auditing/event-4909.md +++ b/windows/security/threat-protection/auditing/event-4909.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4909(-): The local policy settings for the TBS were changed. diff --git a/windows/security/threat-protection/auditing/event-4910.md b/windows/security/threat-protection/auditing/event-4910.md index 2e46e4e49e..15276f29ce 100644 --- a/windows/security/threat-protection/auditing/event-4910.md +++ b/windows/security/threat-protection/auditing/event-4910.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4910(-): The group policy settings for the TBS were changed. diff --git a/windows/security/threat-protection/auditing/event-4911.md b/windows/security/threat-protection/auditing/event-4911.md index b72644a868..abc112dbb4 100644 --- a/windows/security/threat-protection/auditing/event-4911.md +++ b/windows/security/threat-protection/auditing/event-4911.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4911(S): Resource attributes of the object were changed. diff --git a/windows/security/threat-protection/auditing/event-4912.md b/windows/security/threat-protection/auditing/event-4912.md index 3ac8a96880..0c0e66f90e 100644 --- a/windows/security/threat-protection/auditing/event-4912.md +++ b/windows/security/threat-protection/auditing/event-4912.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4912(S): Per User Audit Policy was changed. diff --git a/windows/security/threat-protection/auditing/event-4913.md b/windows/security/threat-protection/auditing/event-4913.md index 949b10bd58..e15a691617 100644 --- a/windows/security/threat-protection/auditing/event-4913.md +++ b/windows/security/threat-protection/auditing/event-4913.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4913(S): Central Access Policy on the object was changed. diff --git a/windows/security/threat-protection/auditing/event-4928.md b/windows/security/threat-protection/auditing/event-4928.md index d39db3ef25..902113bb5c 100644 --- a/windows/security/threat-protection/auditing/event-4928.md +++ b/windows/security/threat-protection/auditing/event-4928.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4928(S, F): An Active Directory replica source naming context was established. diff --git a/windows/security/threat-protection/auditing/event-4929.md b/windows/security/threat-protection/auditing/event-4929.md index 596b209eb4..3fd978d0e3 100644 --- a/windows/security/threat-protection/auditing/event-4929.md +++ b/windows/security/threat-protection/auditing/event-4929.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4929(S, F): An Active Directory replica source naming context was removed. diff --git a/windows/security/threat-protection/auditing/event-4930.md b/windows/security/threat-protection/auditing/event-4930.md index e66843285f..1b7bee26bf 100644 --- a/windows/security/threat-protection/auditing/event-4930.md +++ b/windows/security/threat-protection/auditing/event-4930.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4930(S, F): An Active Directory replica source naming context was modified. diff --git a/windows/security/threat-protection/auditing/event-4931.md b/windows/security/threat-protection/auditing/event-4931.md index 27be6fe7ed..75acecb89f 100644 --- a/windows/security/threat-protection/auditing/event-4931.md +++ b/windows/security/threat-protection/auditing/event-4931.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4931(S, F): An Active Directory replica destination naming context was modified. diff --git a/windows/security/threat-protection/auditing/event-4932.md b/windows/security/threat-protection/auditing/event-4932.md index 71e22cd118..4cdd6b7bdd 100644 --- a/windows/security/threat-protection/auditing/event-4932.md +++ b/windows/security/threat-protection/auditing/event-4932.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4932(S): Synchronization of a replica of an Active Directory naming context has begun. diff --git a/windows/security/threat-protection/auditing/event-4933.md b/windows/security/threat-protection/auditing/event-4933.md index 3937b0e178..b1636e8e63 100644 --- a/windows/security/threat-protection/auditing/event-4933.md +++ b/windows/security/threat-protection/auditing/event-4933.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4933(S, F): Synchronization of a replica of an Active Directory naming context has ended. diff --git a/windows/security/threat-protection/auditing/event-4934.md b/windows/security/threat-protection/auditing/event-4934.md index 90e2db1e04..efafcb9b79 100644 --- a/windows/security/threat-protection/auditing/event-4934.md +++ b/windows/security/threat-protection/auditing/event-4934.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4934(S): Attributes of an Active Directory object were replicated. diff --git a/windows/security/threat-protection/auditing/event-4935.md b/windows/security/threat-protection/auditing/event-4935.md index 79ef8d6e1c..a126742afb 100644 --- a/windows/security/threat-protection/auditing/event-4935.md +++ b/windows/security/threat-protection/auditing/event-4935.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4935(F): Replication failure begins. diff --git a/windows/security/threat-protection/auditing/event-4936.md b/windows/security/threat-protection/auditing/event-4936.md index 16a640d3bb..e2818ec6ee 100644 --- a/windows/security/threat-protection/auditing/event-4936.md +++ b/windows/security/threat-protection/auditing/event-4936.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4936(S): Replication failure ends. diff --git a/windows/security/threat-protection/auditing/event-4937.md b/windows/security/threat-protection/auditing/event-4937.md index 731aceca7a..8296ce75c4 100644 --- a/windows/security/threat-protection/auditing/event-4937.md +++ b/windows/security/threat-protection/auditing/event-4937.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4937(S): A lingering object was removed from a replica. diff --git a/windows/security/threat-protection/auditing/event-4944.md b/windows/security/threat-protection/auditing/event-4944.md index 7db0bee853..bb08c3a077 100644 --- a/windows/security/threat-protection/auditing/event-4944.md +++ b/windows/security/threat-protection/auditing/event-4944.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4944(S): The following policy was active when the Windows Firewall started. diff --git a/windows/security/threat-protection/auditing/event-4945.md b/windows/security/threat-protection/auditing/event-4945.md index 8d73c9f148..852ed5f03e 100644 --- a/windows/security/threat-protection/auditing/event-4945.md +++ b/windows/security/threat-protection/auditing/event-4945.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4945(S): A rule was listed when the Windows Firewall started. diff --git a/windows/security/threat-protection/auditing/event-4946.md b/windows/security/threat-protection/auditing/event-4946.md index d2fafe1dfc..ab355b85c1 100644 --- a/windows/security/threat-protection/auditing/event-4946.md +++ b/windows/security/threat-protection/auditing/event-4946.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4946(S): A change has been made to Windows Firewall exception list. A rule was added. diff --git a/windows/security/threat-protection/auditing/event-4947.md b/windows/security/threat-protection/auditing/event-4947.md index 674449382b..284d2d4303 100644 --- a/windows/security/threat-protection/auditing/event-4947.md +++ b/windows/security/threat-protection/auditing/event-4947.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4947(S): A change has been made to Windows Firewall exception list. A rule was modified. diff --git a/windows/security/threat-protection/auditing/event-4948.md b/windows/security/threat-protection/auditing/event-4948.md index 43acd0b7a9..da8f423b29 100644 --- a/windows/security/threat-protection/auditing/event-4948.md +++ b/windows/security/threat-protection/auditing/event-4948.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4948(S): A change has been made to Windows Firewall exception list. A rule was deleted. diff --git a/windows/security/threat-protection/auditing/event-4949.md b/windows/security/threat-protection/auditing/event-4949.md index 81db5c36c6..528ad262bb 100644 --- a/windows/security/threat-protection/auditing/event-4949.md +++ b/windows/security/threat-protection/auditing/event-4949.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4949(S): Windows Firewall settings were restored to the default values. diff --git a/windows/security/threat-protection/auditing/event-4950.md b/windows/security/threat-protection/auditing/event-4950.md index b4bd969a10..8a3aa4274a 100644 --- a/windows/security/threat-protection/auditing/event-4950.md +++ b/windows/security/threat-protection/auditing/event-4950.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4950(S): A Windows Firewall setting has changed. diff --git a/windows/security/threat-protection/auditing/event-4951.md b/windows/security/threat-protection/auditing/event-4951.md index f585ac4615..7addb69d77 100644 --- a/windows/security/threat-protection/auditing/event-4951.md +++ b/windows/security/threat-protection/auditing/event-4951.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4951(F): A rule has been ignored because its major version number wasn't recognized by Windows Firewall. diff --git a/windows/security/threat-protection/auditing/event-4952.md b/windows/security/threat-protection/auditing/event-4952.md index f95423f1c1..1dd166db54 100644 --- a/windows/security/threat-protection/auditing/event-4952.md +++ b/windows/security/threat-protection/auditing/event-4952.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4952(F): Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced. diff --git a/windows/security/threat-protection/auditing/event-4953.md b/windows/security/threat-protection/auditing/event-4953.md index dfce2c4545..5a5a97d56a 100644 --- a/windows/security/threat-protection/auditing/event-4953.md +++ b/windows/security/threat-protection/auditing/event-4953.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4953(F): Windows Firewall ignored a rule because it couldn't be parsed. diff --git a/windows/security/threat-protection/auditing/event-4954.md b/windows/security/threat-protection/auditing/event-4954.md index 09f0a2ce76..07977d6aff 100644 --- a/windows/security/threat-protection/auditing/event-4954.md +++ b/windows/security/threat-protection/auditing/event-4954.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4954(S): Windows Firewall Group Policy settings have changed. The new settings have been applied. diff --git a/windows/security/threat-protection/auditing/event-4956.md b/windows/security/threat-protection/auditing/event-4956.md index 2344350879..105b780984 100644 --- a/windows/security/threat-protection/auditing/event-4956.md +++ b/windows/security/threat-protection/auditing/event-4956.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4956(S): Windows Firewall has changed the active profile. diff --git a/windows/security/threat-protection/auditing/event-4957.md b/windows/security/threat-protection/auditing/event-4957.md index c408811451..49fae3fef5 100644 --- a/windows/security/threat-protection/auditing/event-4957.md +++ b/windows/security/threat-protection/auditing/event-4957.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4957(F): Windows Firewall did not apply the following rule. diff --git a/windows/security/threat-protection/auditing/event-4958.md b/windows/security/threat-protection/auditing/event-4958.md index e05fc62bfa..45964176a6 100644 --- a/windows/security/threat-protection/auditing/event-4958.md +++ b/windows/security/threat-protection/auditing/event-4958.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4958(F): Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer. diff --git a/windows/security/threat-protection/auditing/event-4964.md b/windows/security/threat-protection/auditing/event-4964.md index 6c8452f0d6..51893d2572 100644 --- a/windows/security/threat-protection/auditing/event-4964.md +++ b/windows/security/threat-protection/auditing/event-4964.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4964(S): Special groups have been assigned to a new logon. diff --git a/windows/security/threat-protection/auditing/event-4985.md b/windows/security/threat-protection/auditing/event-4985.md index b5cdedc6a7..8150e62b11 100644 --- a/windows/security/threat-protection/auditing/event-4985.md +++ b/windows/security/threat-protection/auditing/event-4985.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 4985(S): The state of a transaction has changed. diff --git a/windows/security/threat-protection/auditing/event-5024.md b/windows/security/threat-protection/auditing/event-5024.md index c6f473df75..9e06608869 100644 --- a/windows/security/threat-protection/auditing/event-5024.md +++ b/windows/security/threat-protection/auditing/event-5024.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5024(S): The Windows Firewall Service has started successfully. diff --git a/windows/security/threat-protection/auditing/event-5025.md b/windows/security/threat-protection/auditing/event-5025.md index 4dd4c320c6..9ae2fe14d0 100644 --- a/windows/security/threat-protection/auditing/event-5025.md +++ b/windows/security/threat-protection/auditing/event-5025.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5025(S): The Windows Firewall Service has been stopped. diff --git a/windows/security/threat-protection/auditing/event-5027.md b/windows/security/threat-protection/auditing/event-5027.md index 652dac8c47..d654b82a01 100644 --- a/windows/security/threat-protection/auditing/event-5027.md +++ b/windows/security/threat-protection/auditing/event-5027.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5027(F): The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy. diff --git a/windows/security/threat-protection/auditing/event-5028.md b/windows/security/threat-protection/auditing/event-5028.md index 6650d79ec5..bf9c62d91a 100644 --- a/windows/security/threat-protection/auditing/event-5028.md +++ b/windows/security/threat-protection/auditing/event-5028.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5028(F): The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy. diff --git a/windows/security/threat-protection/auditing/event-5029.md b/windows/security/threat-protection/auditing/event-5029.md index 7ca1bb4522..4a36c10d4d 100644 --- a/windows/security/threat-protection/auditing/event-5029.md +++ b/windows/security/threat-protection/auditing/event-5029.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5029(F): The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy. diff --git a/windows/security/threat-protection/auditing/event-5030.md b/windows/security/threat-protection/auditing/event-5030.md index 24660d6d45..aa78cb3b62 100644 --- a/windows/security/threat-protection/auditing/event-5030.md +++ b/windows/security/threat-protection/auditing/event-5030.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5030(F): The Windows Firewall Service failed to start. diff --git a/windows/security/threat-protection/auditing/event-5031.md b/windows/security/threat-protection/auditing/event-5031.md index c328c46107..04c03b1ee6 100644 --- a/windows/security/threat-protection/auditing/event-5031.md +++ b/windows/security/threat-protection/auditing/event-5031.md @@ -12,6 +12,7 @@ ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/08/2021 ms.technology: itpro-security +ms.topic: reference --- # 5031(F): The Windows Firewall Service blocked an application from accepting incoming connections on the network. diff --git a/windows/security/threat-protection/auditing/event-5032.md b/windows/security/threat-protection/auditing/event-5032.md index 231acb67b1..af43e8ea73 100644 --- a/windows/security/threat-protection/auditing/event-5032.md +++ b/windows/security/threat-protection/auditing/event-5032.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5032(F): Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network. diff --git a/windows/security/threat-protection/auditing/event-5033.md b/windows/security/threat-protection/auditing/event-5033.md index ce127dad94..467ba04e40 100644 --- a/windows/security/threat-protection/auditing/event-5033.md +++ b/windows/security/threat-protection/auditing/event-5033.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5033(S): The Windows Firewall Driver has started successfully. diff --git a/windows/security/threat-protection/auditing/event-5034.md b/windows/security/threat-protection/auditing/event-5034.md index 52c8c2522d..dc2d097c4a 100644 --- a/windows/security/threat-protection/auditing/event-5034.md +++ b/windows/security/threat-protection/auditing/event-5034.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5034(S): The Windows Firewall Driver was stopped. diff --git a/windows/security/threat-protection/auditing/event-5035.md b/windows/security/threat-protection/auditing/event-5035.md index 3cf63d5224..88a49892a6 100644 --- a/windows/security/threat-protection/auditing/event-5035.md +++ b/windows/security/threat-protection/auditing/event-5035.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5035(F): The Windows Firewall Driver failed to start. diff --git a/windows/security/threat-protection/auditing/event-5037.md b/windows/security/threat-protection/auditing/event-5037.md index bf6d42a9ef..f25a054fe7 100644 --- a/windows/security/threat-protection/auditing/event-5037.md +++ b/windows/security/threat-protection/auditing/event-5037.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5037(F): The Windows Firewall Driver detected critical runtime error. Terminating. diff --git a/windows/security/threat-protection/auditing/event-5038.md b/windows/security/threat-protection/auditing/event-5038.md index 3b4aa0d998..e824e93afe 100644 --- a/windows/security/threat-protection/auditing/event-5038.md +++ b/windows/security/threat-protection/auditing/event-5038.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5038(F): Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. diff --git a/windows/security/threat-protection/auditing/event-5039.md b/windows/security/threat-protection/auditing/event-5039.md index e1f249411a..7bf2bf5471 100644 --- a/windows/security/threat-protection/auditing/event-5039.md +++ b/windows/security/threat-protection/auditing/event-5039.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5039(-): A registry key was virtualized. diff --git a/windows/security/threat-protection/auditing/event-5051.md b/windows/security/threat-protection/auditing/event-5051.md index 79d4e4b789..38a07353b3 100644 --- a/windows/security/threat-protection/auditing/event-5051.md +++ b/windows/security/threat-protection/auditing/event-5051.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5051(-): A file was virtualized. diff --git a/windows/security/threat-protection/auditing/event-5056.md b/windows/security/threat-protection/auditing/event-5056.md index bac056b217..3711acef2d 100644 --- a/windows/security/threat-protection/auditing/event-5056.md +++ b/windows/security/threat-protection/auditing/event-5056.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5056(S): A cryptographic self-test was performed. diff --git a/windows/security/threat-protection/auditing/event-5057.md b/windows/security/threat-protection/auditing/event-5057.md index 2013fda273..4fc7113c1b 100644 --- a/windows/security/threat-protection/auditing/event-5057.md +++ b/windows/security/threat-protection/auditing/event-5057.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5057(F): A cryptographic primitive operation failed. diff --git a/windows/security/threat-protection/auditing/event-5058.md b/windows/security/threat-protection/auditing/event-5058.md index 2dae2d1e2f..b95c545e7c 100644 --- a/windows/security/threat-protection/auditing/event-5058.md +++ b/windows/security/threat-protection/auditing/event-5058.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5058(S, F): Key file operation. diff --git a/windows/security/threat-protection/auditing/event-5059.md b/windows/security/threat-protection/auditing/event-5059.md index 26cd95b0d4..cdbae47721 100644 --- a/windows/security/threat-protection/auditing/event-5059.md +++ b/windows/security/threat-protection/auditing/event-5059.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5059(S, F): Key migration operation. diff --git a/windows/security/threat-protection/auditing/event-5060.md b/windows/security/threat-protection/auditing/event-5060.md index 1a65f76633..60ec2cbd3e 100644 --- a/windows/security/threat-protection/auditing/event-5060.md +++ b/windows/security/threat-protection/auditing/event-5060.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5060(F): Verification operation failed. diff --git a/windows/security/threat-protection/auditing/event-5061.md b/windows/security/threat-protection/auditing/event-5061.md index d47254485f..802ee6cc60 100644 --- a/windows/security/threat-protection/auditing/event-5061.md +++ b/windows/security/threat-protection/auditing/event-5061.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5061(S, F): Cryptographic operation. diff --git a/windows/security/threat-protection/auditing/event-5062.md b/windows/security/threat-protection/auditing/event-5062.md index 08b0f7bce0..a76dabb95e 100644 --- a/windows/security/threat-protection/auditing/event-5062.md +++ b/windows/security/threat-protection/auditing/event-5062.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5062(S): A kernel-mode cryptographic self-test was performed. diff --git a/windows/security/threat-protection/auditing/event-5063.md b/windows/security/threat-protection/auditing/event-5063.md index 784019bc18..41ac047786 100644 --- a/windows/security/threat-protection/auditing/event-5063.md +++ b/windows/security/threat-protection/auditing/event-5063.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5063(S, F): A cryptographic provider operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5064.md b/windows/security/threat-protection/auditing/event-5064.md index 807d3ee45d..3467a2816a 100644 --- a/windows/security/threat-protection/auditing/event-5064.md +++ b/windows/security/threat-protection/auditing/event-5064.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5064(S, F): A cryptographic context operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5065.md b/windows/security/threat-protection/auditing/event-5065.md index 3e978d64a3..66bfddb1d1 100644 --- a/windows/security/threat-protection/auditing/event-5065.md +++ b/windows/security/threat-protection/auditing/event-5065.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5065(S, F): A cryptographic context modification was attempted. diff --git a/windows/security/threat-protection/auditing/event-5066.md b/windows/security/threat-protection/auditing/event-5066.md index e834a9e584..62a0920fb7 100644 --- a/windows/security/threat-protection/auditing/event-5066.md +++ b/windows/security/threat-protection/auditing/event-5066.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5066(S, F): A cryptographic function operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5067.md b/windows/security/threat-protection/auditing/event-5067.md index 5aa395a688..78cd9d24aa 100644 --- a/windows/security/threat-protection/auditing/event-5067.md +++ b/windows/security/threat-protection/auditing/event-5067.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5067(S, F): A cryptographic function modification was attempted. diff --git a/windows/security/threat-protection/auditing/event-5068.md b/windows/security/threat-protection/auditing/event-5068.md index 814ea02d50..791301bc3b 100644 --- a/windows/security/threat-protection/auditing/event-5068.md +++ b/windows/security/threat-protection/auditing/event-5068.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5068(S, F): A cryptographic function provider operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5069.md b/windows/security/threat-protection/auditing/event-5069.md index b8d6466c09..9894285dad 100644 --- a/windows/security/threat-protection/auditing/event-5069.md +++ b/windows/security/threat-protection/auditing/event-5069.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5069(S, F): A cryptographic function property operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5070.md b/windows/security/threat-protection/auditing/event-5070.md index 1232c68bd4..ba4785e01b 100644 --- a/windows/security/threat-protection/auditing/event-5070.md +++ b/windows/security/threat-protection/auditing/event-5070.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5070(S, F): A cryptographic function property modification was attempted. diff --git a/windows/security/threat-protection/auditing/event-5136.md b/windows/security/threat-protection/auditing/event-5136.md index 97f862f3a6..97c0977a60 100644 --- a/windows/security/threat-protection/auditing/event-5136.md +++ b/windows/security/threat-protection/auditing/event-5136.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5136(S): A directory service object was modified. diff --git a/windows/security/threat-protection/auditing/event-5137.md b/windows/security/threat-protection/auditing/event-5137.md index 072f6dede2..bed5eae208 100644 --- a/windows/security/threat-protection/auditing/event-5137.md +++ b/windows/security/threat-protection/auditing/event-5137.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5137(S): A directory service object was created. diff --git a/windows/security/threat-protection/auditing/event-5138.md b/windows/security/threat-protection/auditing/event-5138.md index 5fcb9a3381..12d981909a 100644 --- a/windows/security/threat-protection/auditing/event-5138.md +++ b/windows/security/threat-protection/auditing/event-5138.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5138(S): A directory service object was undeleted. diff --git a/windows/security/threat-protection/auditing/event-5139.md b/windows/security/threat-protection/auditing/event-5139.md index e89fd1eb91..6799a4e50d 100644 --- a/windows/security/threat-protection/auditing/event-5139.md +++ b/windows/security/threat-protection/auditing/event-5139.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5139(S): A directory service object was moved. diff --git a/windows/security/threat-protection/auditing/event-5140.md b/windows/security/threat-protection/auditing/event-5140.md index 5d72bf2c8c..522cf1b652 100644 --- a/windows/security/threat-protection/auditing/event-5140.md +++ b/windows/security/threat-protection/auditing/event-5140.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5140(S, F): A network share object was accessed. diff --git a/windows/security/threat-protection/auditing/event-5141.md b/windows/security/threat-protection/auditing/event-5141.md index d7ba9c67d4..046ca20f9d 100644 --- a/windows/security/threat-protection/auditing/event-5141.md +++ b/windows/security/threat-protection/auditing/event-5141.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5141(S): A directory service object was deleted. diff --git a/windows/security/threat-protection/auditing/event-5142.md b/windows/security/threat-protection/auditing/event-5142.md index 6930a066d4..3a69208c29 100644 --- a/windows/security/threat-protection/auditing/event-5142.md +++ b/windows/security/threat-protection/auditing/event-5142.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5142(S): A network share object was added. diff --git a/windows/security/threat-protection/auditing/event-5143.md b/windows/security/threat-protection/auditing/event-5143.md index ccfe6641b0..e92068c93a 100644 --- a/windows/security/threat-protection/auditing/event-5143.md +++ b/windows/security/threat-protection/auditing/event-5143.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5143(S): A network share object was modified. diff --git a/windows/security/threat-protection/auditing/event-5144.md b/windows/security/threat-protection/auditing/event-5144.md index 69aa754e48..da401f212d 100644 --- a/windows/security/threat-protection/auditing/event-5144.md +++ b/windows/security/threat-protection/auditing/event-5144.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5144(S): A network share object was deleted. diff --git a/windows/security/threat-protection/auditing/event-5145.md b/windows/security/threat-protection/auditing/event-5145.md index 8f47f2b4d1..02c531c5fd 100644 --- a/windows/security/threat-protection/auditing/event-5145.md +++ b/windows/security/threat-protection/auditing/event-5145.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5145(S, F): A network share object was checked to see whether client can be granted desired access. diff --git a/windows/security/threat-protection/auditing/event-5148.md b/windows/security/threat-protection/auditing/event-5148.md index bb9ab2267c..5442a8a705 100644 --- a/windows/security/threat-protection/auditing/event-5148.md +++ b/windows/security/threat-protection/auditing/event-5148.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5148(F): The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded. diff --git a/windows/security/threat-protection/auditing/event-5149.md b/windows/security/threat-protection/auditing/event-5149.md index 0e4b73fcde..7e0dc6dd45 100644 --- a/windows/security/threat-protection/auditing/event-5149.md +++ b/windows/security/threat-protection/auditing/event-5149.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5149(F): The DoS attack has subsided and normal processing is being resumed. diff --git a/windows/security/threat-protection/auditing/event-5150.md b/windows/security/threat-protection/auditing/event-5150.md index f1310cde61..80c82d807e 100644 --- a/windows/security/threat-protection/auditing/event-5150.md +++ b/windows/security/threat-protection/auditing/event-5150.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5150(-): The Windows Filtering Platform blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5151.md b/windows/security/threat-protection/auditing/event-5151.md index bf55e6a6eb..6b7d1453bf 100644 --- a/windows/security/threat-protection/auditing/event-5151.md +++ b/windows/security/threat-protection/auditing/event-5151.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5151(-): A more restrictive Windows Filtering Platform filter has blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5152.md b/windows/security/threat-protection/auditing/event-5152.md index 27438881cb..e5a76da383 100644 --- a/windows/security/threat-protection/auditing/event-5152.md +++ b/windows/security/threat-protection/auditing/event-5152.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5152(F): The Windows Filtering Platform blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5153.md b/windows/security/threat-protection/auditing/event-5153.md index f7a61cc8fe..a321b76f20 100644 --- a/windows/security/threat-protection/auditing/event-5153.md +++ b/windows/security/threat-protection/auditing/event-5153.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5153(S): A more restrictive Windows Filtering Platform filter has blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5154.md b/windows/security/threat-protection/auditing/event-5154.md index 2002fbb907..9b2425ff9c 100644 --- a/windows/security/threat-protection/auditing/event-5154.md +++ b/windows/security/threat-protection/auditing/event-5154.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5154(S): The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections. diff --git a/windows/security/threat-protection/auditing/event-5155.md b/windows/security/threat-protection/auditing/event-5155.md index 94377b1098..e6efebdae1 100644 --- a/windows/security/threat-protection/auditing/event-5155.md +++ b/windows/security/threat-protection/auditing/event-5155.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5155(F): The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections. diff --git a/windows/security/threat-protection/auditing/event-5156.md b/windows/security/threat-protection/auditing/event-5156.md index fbe87f79bc..3d56301b24 100644 --- a/windows/security/threat-protection/auditing/event-5156.md +++ b/windows/security/threat-protection/auditing/event-5156.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5156(S): The Windows Filtering Platform has permitted a connection. diff --git a/windows/security/threat-protection/auditing/event-5157.md b/windows/security/threat-protection/auditing/event-5157.md index 6967921a48..4f62c99d51 100644 --- a/windows/security/threat-protection/auditing/event-5157.md +++ b/windows/security/threat-protection/auditing/event-5157.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5157(F): The Windows Filtering Platform has blocked a connection. diff --git a/windows/security/threat-protection/auditing/event-5158.md b/windows/security/threat-protection/auditing/event-5158.md index af16821b1f..cbc0d2d4ee 100644 --- a/windows/security/threat-protection/auditing/event-5158.md +++ b/windows/security/threat-protection/auditing/event-5158.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5158(S): The Windows Filtering Platform has permitted a bind to a local port. diff --git a/windows/security/threat-protection/auditing/event-5159.md b/windows/security/threat-protection/auditing/event-5159.md index 5ecd816d89..ffe34518c5 100644 --- a/windows/security/threat-protection/auditing/event-5159.md +++ b/windows/security/threat-protection/auditing/event-5159.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5159(F): The Windows Filtering Platform has blocked a bind to a local port. diff --git a/windows/security/threat-protection/auditing/event-5168.md b/windows/security/threat-protection/auditing/event-5168.md index 3b59d54629..f0ae1f47a8 100644 --- a/windows/security/threat-protection/auditing/event-5168.md +++ b/windows/security/threat-protection/auditing/event-5168.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5168(F): SPN check for SMB/SMB2 failed. diff --git a/windows/security/threat-protection/auditing/event-5376.md b/windows/security/threat-protection/auditing/event-5376.md index 3145af538e..ee08c45c93 100644 --- a/windows/security/threat-protection/auditing/event-5376.md +++ b/windows/security/threat-protection/auditing/event-5376.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5376(S): Credential Manager credentials were backed up. diff --git a/windows/security/threat-protection/auditing/event-5377.md b/windows/security/threat-protection/auditing/event-5377.md index a60bd13f29..a6f12f74f5 100644 --- a/windows/security/threat-protection/auditing/event-5377.md +++ b/windows/security/threat-protection/auditing/event-5377.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5377(S): Credential Manager credentials were restored from a backup. diff --git a/windows/security/threat-protection/auditing/event-5378.md b/windows/security/threat-protection/auditing/event-5378.md index 64f48471be..b6391769da 100644 --- a/windows/security/threat-protection/auditing/event-5378.md +++ b/windows/security/threat-protection/auditing/event-5378.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5378(F): The requested credentials delegation was disallowed by policy. diff --git a/windows/security/threat-protection/auditing/event-5447.md b/windows/security/threat-protection/auditing/event-5447.md index 732d1ae81e..96b013cf8c 100644 --- a/windows/security/threat-protection/auditing/event-5447.md +++ b/windows/security/threat-protection/auditing/event-5447.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5447(S): A Windows Filtering Platform filter has been changed. diff --git a/windows/security/threat-protection/auditing/event-5632.md b/windows/security/threat-protection/auditing/event-5632.md index b5af7f21a3..676a79172e 100644 --- a/windows/security/threat-protection/auditing/event-5632.md +++ b/windows/security/threat-protection/auditing/event-5632.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5632(S, F): A request was made to authenticate to a wireless network. diff --git a/windows/security/threat-protection/auditing/event-5633.md b/windows/security/threat-protection/auditing/event-5633.md index 1583b0b945..e661c80301 100644 --- a/windows/security/threat-protection/auditing/event-5633.md +++ b/windows/security/threat-protection/auditing/event-5633.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5633(S, F): A request was made to authenticate to a wired network. diff --git a/windows/security/threat-protection/auditing/event-5712.md b/windows/security/threat-protection/auditing/event-5712.md index d0dc85fe45..32d5ba732a 100644 --- a/windows/security/threat-protection/auditing/event-5712.md +++ b/windows/security/threat-protection/auditing/event-5712.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5712(S): A Remote Procedure Call (RPC) was attempted. diff --git a/windows/security/threat-protection/auditing/event-5888.md b/windows/security/threat-protection/auditing/event-5888.md index 5c45a9698a..72e18b5e28 100644 --- a/windows/security/threat-protection/auditing/event-5888.md +++ b/windows/security/threat-protection/auditing/event-5888.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5888(S): An object in the COM+ Catalog was modified. diff --git a/windows/security/threat-protection/auditing/event-5889.md b/windows/security/threat-protection/auditing/event-5889.md index 3b60e803d9..178ec29a4f 100644 --- a/windows/security/threat-protection/auditing/event-5889.md +++ b/windows/security/threat-protection/auditing/event-5889.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5889(S): An object was deleted from the COM+ Catalog. diff --git a/windows/security/threat-protection/auditing/event-5890.md b/windows/security/threat-protection/auditing/event-5890.md index 09c79bee05..4f473d2a4e 100644 --- a/windows/security/threat-protection/auditing/event-5890.md +++ b/windows/security/threat-protection/auditing/event-5890.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 5890(S): An object was added to the COM+ Catalog. diff --git a/windows/security/threat-protection/auditing/event-6144.md b/windows/security/threat-protection/auditing/event-6144.md index dfad64c1da..3eb1181321 100644 --- a/windows/security/threat-protection/auditing/event-6144.md +++ b/windows/security/threat-protection/auditing/event-6144.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6144(S): Security policy in the group policy objects has been applied successfully. diff --git a/windows/security/threat-protection/auditing/event-6145.md b/windows/security/threat-protection/auditing/event-6145.md index 60ed2e8ad8..b062b5e023 100644 --- a/windows/security/threat-protection/auditing/event-6145.md +++ b/windows/security/threat-protection/auditing/event-6145.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6145(F): One or more errors occurred while processing security policy in the group policy objects. diff --git a/windows/security/threat-protection/auditing/event-6281.md b/windows/security/threat-protection/auditing/event-6281.md index 76f546a222..38f432d51a 100644 --- a/windows/security/threat-protection/auditing/event-6281.md +++ b/windows/security/threat-protection/auditing/event-6281.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6281(F): Code Integrity determined that the page hashes of an image file aren't valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. diff --git a/windows/security/threat-protection/auditing/event-6400.md b/windows/security/threat-protection/auditing/event-6400.md index d8bcc6f1c7..a588c35204 100644 --- a/windows/security/threat-protection/auditing/event-6400.md +++ b/windows/security/threat-protection/auditing/event-6400.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6400(-): BranchCache: Received an incorrectly formatted response while discovering availability of content. diff --git a/windows/security/threat-protection/auditing/event-6401.md b/windows/security/threat-protection/auditing/event-6401.md index 3e60d3515a..82502eb7ff 100644 --- a/windows/security/threat-protection/auditing/event-6401.md +++ b/windows/security/threat-protection/auditing/event-6401.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6401(-): BranchCache: Received invalid data from a peer. Data discarded. diff --git a/windows/security/threat-protection/auditing/event-6402.md b/windows/security/threat-protection/auditing/event-6402.md index 3148f9b03e..d5d3febf63 100644 --- a/windows/security/threat-protection/auditing/event-6402.md +++ b/windows/security/threat-protection/auditing/event-6402.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6402(-): BranchCache: The message to the hosted cache offering it data is incorrectly formatted. diff --git a/windows/security/threat-protection/auditing/event-6403.md b/windows/security/threat-protection/auditing/event-6403.md index ad426fdacc..2f9d945388 100644 --- a/windows/security/threat-protection/auditing/event-6403.md +++ b/windows/security/threat-protection/auditing/event-6403.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6403(-): BranchCache: The hosted cache sent an incorrectly formatted response to the client. diff --git a/windows/security/threat-protection/auditing/event-6404.md b/windows/security/threat-protection/auditing/event-6404.md index e2fed0d583..f37bea1b9e 100644 --- a/windows/security/threat-protection/auditing/event-6404.md +++ b/windows/security/threat-protection/auditing/event-6404.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6404(-): BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate. diff --git a/windows/security/threat-protection/auditing/event-6405.md b/windows/security/threat-protection/auditing/event-6405.md index 48746ad277..1feed0f6a6 100644 --- a/windows/security/threat-protection/auditing/event-6405.md +++ b/windows/security/threat-protection/auditing/event-6405.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6405(-): BranchCache: %2 instance(s) of event id %1 occurred. diff --git a/windows/security/threat-protection/auditing/event-6406.md b/windows/security/threat-protection/auditing/event-6406.md index 42541a3842..fdd75af38b 100644 --- a/windows/security/threat-protection/auditing/event-6406.md +++ b/windows/security/threat-protection/auditing/event-6406.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6406(-): %1 registered to Windows Firewall to control filtering for the following: %2. diff --git a/windows/security/threat-protection/auditing/event-6407.md b/windows/security/threat-protection/auditing/event-6407.md index 68aba98482..c2f279466e 100644 --- a/windows/security/threat-protection/auditing/event-6407.md +++ b/windows/security/threat-protection/auditing/event-6407.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6407(-): 1%. diff --git a/windows/security/threat-protection/auditing/event-6408.md b/windows/security/threat-protection/auditing/event-6408.md index 28c11c16f5..36f25a9b69 100644 --- a/windows/security/threat-protection/auditing/event-6408.md +++ b/windows/security/threat-protection/auditing/event-6408.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6408(-): Registered product %1 failed and Windows Firewall is now controlling the filtering for %2. diff --git a/windows/security/threat-protection/auditing/event-6409.md b/windows/security/threat-protection/auditing/event-6409.md index c1c419c09d..3f406625b5 100644 --- a/windows/security/threat-protection/auditing/event-6409.md +++ b/windows/security/threat-protection/auditing/event-6409.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6409(-): BranchCache: A service connection point object could not be parsed. diff --git a/windows/security/threat-protection/auditing/event-6410.md b/windows/security/threat-protection/auditing/event-6410.md index b921dbea1c..958db95565 100644 --- a/windows/security/threat-protection/auditing/event-6410.md +++ b/windows/security/threat-protection/auditing/event-6410.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6410(F): Code integrity determined that a file does not meet the security requirements to load into a process. diff --git a/windows/security/threat-protection/auditing/event-6416.md b/windows/security/threat-protection/auditing/event-6416.md index 7d254bf9ef..64cdb17ee1 100644 --- a/windows/security/threat-protection/auditing/event-6416.md +++ b/windows/security/threat-protection/auditing/event-6416.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6416(S): A new external device was recognized by the System. diff --git a/windows/security/threat-protection/auditing/event-6419.md b/windows/security/threat-protection/auditing/event-6419.md index 108315501c..7368059899 100644 --- a/windows/security/threat-protection/auditing/event-6419.md +++ b/windows/security/threat-protection/auditing/event-6419.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6419(S): A request was made to disable a device. diff --git a/windows/security/threat-protection/auditing/event-6420.md b/windows/security/threat-protection/auditing/event-6420.md index 2efdfa78aa..2c7166a78d 100644 --- a/windows/security/threat-protection/auditing/event-6420.md +++ b/windows/security/threat-protection/auditing/event-6420.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6420(S): A device was disabled. diff --git a/windows/security/threat-protection/auditing/event-6421.md b/windows/security/threat-protection/auditing/event-6421.md index 3780d8b15e..ae72b11254 100644 --- a/windows/security/threat-protection/auditing/event-6421.md +++ b/windows/security/threat-protection/auditing/event-6421.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6421(S): A request was made to enable a device. diff --git a/windows/security/threat-protection/auditing/event-6422.md b/windows/security/threat-protection/auditing/event-6422.md index 02752c9163..bf594b6937 100644 --- a/windows/security/threat-protection/auditing/event-6422.md +++ b/windows/security/threat-protection/auditing/event-6422.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6422(S): A device was enabled. diff --git a/windows/security/threat-protection/auditing/event-6423.md b/windows/security/threat-protection/auditing/event-6423.md index 5e62ebe6c7..4f7fcb614c 100644 --- a/windows/security/threat-protection/auditing/event-6423.md +++ b/windows/security/threat-protection/auditing/event-6423.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6423(S): The installation of this device is forbidden by system policy. diff --git a/windows/security/threat-protection/auditing/event-6424.md b/windows/security/threat-protection/auditing/event-6424.md index 699e5ad030..10d33c2820 100644 --- a/windows/security/threat-protection/auditing/event-6424.md +++ b/windows/security/threat-protection/auditing/event-6424.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # 6424(S): The installation of this device was allowed, after having previously been forbidden by policy. diff --git a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md index 4ee793c896..d2af1d3d31 100644 --- a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md +++ b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: how-to --- # How to get a list of XML data name elements in EventData diff --git a/windows/security/threat-protection/auditing/other-events.md b/windows/security/threat-protection/auditing/other-events.md index 6854674959..800961629e 100644 --- a/windows/security/threat-protection/auditing/other-events.md +++ b/windows/security/threat-protection/auditing/other-events.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # Other Events diff --git a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md index b13c6f8d8c..fdc4c5d757 100644 --- a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md +++ b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md @@ -9,6 +9,7 @@ ms.author: dansimp ms.date: 08/14/2017 ms.localizationpriority: medium ms.technology: itpro-security +ms.topic: reference --- # Block untrusted fonts in an enterprise diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md index c71d2b029e..5ab3f50909 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md @@ -13,6 +13,7 @@ ms.reviewer: manager: aaroncz ms.custom: sasr ms.technology: itpro-security +ms.topic: how-to --- # Configure Microsoft Defender Application Guard policy settings diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md index b4fb01a3c6..765a61fcb9 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md @@ -15,6 +15,7 @@ ms.custom: asr ms.technology: itpro-security ms.collection: - highpri +ms.topic: how-to --- # Prepare to install Microsoft Defender Application Guard diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md index 631bbc75fd..0f2bca60b2 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md @@ -10,6 +10,7 @@ ms.reviewer: manager: aaroncz ms.custom: asr ms.technology: itpro-security +ms.topic: conceptual --- # Microsoft Defender Application Guard Extension diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md index 1ba47ee970..6b284c9344 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md @@ -15,6 +15,7 @@ ms.custom: asr ms.technology: itpro-security ms.collection: - highpri +ms.topic: conceptual --- # Microsoft Defender Application Guard overview diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md index d8461e69f2..4357712bc7 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md @@ -10,6 +10,7 @@ ms.reviewer: sazankha manager: aaroncz ms.date: 09/23/2022 ms.custom: asr +ms.topic: conceptual --- # Application Guard testing scenarios diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md index 5d2279fcc0..8723d513d2 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: reference --- # Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings **Applies to:** diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md index 4d099ef9e6..0ee92c6736 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md @@ -12,6 +12,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: how-to --- # Set up and use Microsoft Defender SmartScreen on individual devices diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md b/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md index db57203dd5..8597ee9893 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md @@ -12,6 +12,7 @@ ms.date: 10/07/2022 adobe-target: true appliesto: - ✅ Windows 11, version 22H2 +ms.topic: conceptual --- # Enhanced Phishing Protection in Microsoft Defender SmartScreen diff --git a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md index ae2b7dcea6..fa79c1116f 100644 --- a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md +++ b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md @@ -9,6 +9,7 @@ author: dulcemontemayor ms.date: 10/13/2017 ms.localizationpriority: medium ms.technology: itpro-security +ms.topic: conceptual --- # Control the health of Windows 10-based devices diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md index bde8daf5f1..9a86d20cd0 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md @@ -13,6 +13,7 @@ ms.localizationpriority: medium author: vinaypamnani-msft ms.date: 06/28/2018 ms.technology: itpro-security +ms.topic: conceptual --- # Microsoft network client: Digitally sign communications (always) diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-age.md b/windows/security/threat-protection/security-policy-settings/minimum-password-age.md index f6ce6b41e1..76babb8a47 100644 --- a/windows/security/threat-protection/security-policy-settings/minimum-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/minimum-password-age.md @@ -13,6 +13,7 @@ ms.localizationpriority: medium author: vinaypamnani-msft ms.date: 11/13/2018 ms.technology: itpro-security +ms.topic: conceptual --- # Minimum password age diff --git a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md index 48d6693d11..67f28accd4 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md @@ -11,6 +11,7 @@ ms.reviewer: manager: aaroncz ms.collection: - highpri +ms.topic: conceptual --- # Network access: Restrict clients allowed to make remote calls to SAM diff --git a/windows/security/threat-protection/security-policy-settings/security-options.md b/windows/security/threat-protection/security-policy-settings/security-options.md index 2617bbe979..6a88de5b89 100644 --- a/windows/security/threat-protection/security-policy-settings/security-options.md +++ b/windows/security/threat-protection/security-policy-settings/security-options.md @@ -13,6 +13,7 @@ ms.localizationpriority: medium author: vinaypamnani-msft ms.date: 06/28/2018 ms.technology: itpro-security +ms.topic: conceptual --- # Security Options diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index d48d5da38b..83eddad140 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -9,6 +9,7 @@ author: dulcemontemayor ms.date: 02/28/2019 ms.localizationpriority: medium ms.technology: itpro-security +ms.topic: how-to --- # Use Windows Event Forwarding to help with intrusion detection diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md index e5b9ec21cc..e746c84f0f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md @@ -14,6 +14,7 @@ ms.localizationpriority: medium msauthor: v-anbic ms.date: 08/27/2018 ms.technology: itpro-security +ms.topic: conceptual --- # Working with AppLocker rules diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md index 4777c6863d..a3773ffe67 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md @@ -14,6 +14,7 @@ ms.date: 04/30/2018 ms.reviewer: manager: aaroncz ms.technology: itpro-security +ms.topic: how-to --- # Manage Windows Security in Windows 10 in S mode diff --git a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md index a5a4b985e6..1404209dea 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md +++ b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md @@ -14,6 +14,7 @@ ms.localizationpriority: medium author: vinaypamnani-msft ms.date: 03/01/2019 ms.technology: itpro-security +ms.topic: conceptual --- # Windows Defender System Guard: How a hardware-based root of trust helps protect Windows 10 diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md index e4715791d7..929c7d815b 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md +++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md @@ -13,6 +13,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security +ms.topic: conceptual --- # System Guard Secure Launch and SMM protection diff --git a/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md b/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md index df6d6a8219..3e77330596 100644 --- a/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md +++ b/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md @@ -19,6 +19,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.topic: conceptual --- # Configure the Workstation Authentication Certificate Template From 8898fd64484efe81dda6a47debb678a8e5eef8f9 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Fri, 16 Dec 2022 18:23:07 -0500 Subject: [PATCH 07/11] Remove link back to article Removed link back this same article --- windows/deployment/windows-10-subscription-activation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 7e1a8c8a06..b48ff94e98 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -40,7 +40,7 @@ This article covers the following information: For more information on how to deploy Enterprise licenses, see [Deploy Windows Enterprise licenses](deploy-enterprise-licenses.md). > [!NOTE] -> Organizations that use the [Subscription Activation](/windows/deployment/windows-10-subscription-activation) feature to enable users to upgrade from one version of Windows to another might want to exclude the Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f, from their device compliance policy. +> Organizations that use the Subscription Activation feature to enable users to upgrade from one version of Windows to another might want to exclude the Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f, from their device compliance policy. ## Subscription activation for Enterprise From f99b160abcf9dd9ba15285121803a3d52531d3ed Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Fri, 16 Dec 2022 18:04:10 -0700 Subject: [PATCH 08/11] Update faq-pde.yml Line 82: Add blank line. --- .../personal-data-encryption/faq-pde.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/information-protection/personal-data-encryption/faq-pde.yml b/windows/security/information-protection/personal-data-encryption/faq-pde.yml index 8bb71cc423..c56effe008 100644 --- a/windows/security/information-protection/personal-data-encryption/faq-pde.yml +++ b/windows/security/information-protection/personal-data-encryption/faq-pde.yml @@ -78,4 +78,5 @@ sections: additionalContent: | ## See also - [Personal Data Encryption (PDE)](overview-pde.md) - - [Configure Personal Data Encryption (PDE) polices in Intune](configure-pde-in-intune.md) \ No newline at end of file + - [Configure Personal Data Encryption (PDE) polices in Intune](configure-pde-in-intune.md) + From e687d58f903d3968bbeb69de37567a21d6da59d2 Mon Sep 17 00:00:00 2001 From: Office Content Publishing <34616516+officedocspr@users.noreply.github.com> Date: Sat, 17 Dec 2022 23:31:49 -0800 Subject: [PATCH 09/11] Uploaded file: education-content-updates.md - 2022-12-17 23:31:49.7017 --- .../includes/education-content-updates.md | 46 +------------------ 1 file changed, 2 insertions(+), 44 deletions(-) diff --git a/education/includes/education-content-updates.md b/education/includes/education-content-updates.md index c0a273e836..ca2950ff0a 100644 --- a/education/includes/education-content-updates.md +++ b/education/includes/education-content-updates.md @@ -2,51 +2,9 @@ -## Week of September 19, 2022 +## Week of December 12, 2022 | Published On |Topic title | Change | |------|------------|--------| -| 9/20/2022 | [Education scenarios Microsoft Store for Education](/education/windows/education-scenarios-store-for-business) | modified | - - -## Week of September 12, 2022 - - -| Published On |Topic title | Change | -|------|------------|--------| -| 9/13/2022 | [Chromebook migration guide (Windows 10)](/education/windows/chromebook-migration-guide) | modified | -| 9/14/2022 | [Windows 11 SE Overview](/education/windows/windows-11-se-overview) | modified | -| 9/14/2022 | [Windows 11 SE settings list](/education/windows/windows-11-se-settings-list) | modified | - - -## Week of September 05, 2022 - - -| Published On |Topic title | Change | -|------|------------|--------| -| 9/8/2022 | [Education scenarios Microsoft Store for Education](/education/windows/education-scenarios-store-for-business) | modified | -| 9/8/2022 | [Get Minecraft Education Edition](/education/windows/get-minecraft-for-education) | modified | -| 9/8/2022 | [For teachers get Minecraft Education Edition](/education/windows/teacher-get-minecraft) | modified | -| 9/9/2022 | [Take tests in Windows](/education/windows/take-tests-in-windows-10) | modified | - - -## Week of August 29, 2022 - - -| Published On |Topic title | Change | -|------|------------|--------| -| 8/31/2022 | [Configure applications with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-device-apps) | added | -| 8/31/2022 | [Configure and secure devices with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-device-settings) | added | -| 8/31/2022 | [Configure devices with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-devices-overview) | added | -| 8/31/2022 | [Enrollment in Intune with standard out-of-box experience (OOBE)](/education/windows/tutorial-school-deployment/enroll-aadj) | added | -| 8/31/2022 | [Enrollment in Intune with Windows Autopilot](/education/windows/tutorial-school-deployment/enroll-autopilot) | added | -| 8/31/2022 | [Device enrollment overview](/education/windows/tutorial-school-deployment/enroll-overview) | added | -| 8/31/2022 | [Enrollment of Windows devices with provisioning packages](/education/windows/tutorial-school-deployment/enroll-package) | added | -| 8/31/2022 | [Introduction](/education/windows/tutorial-school-deployment/index) | added | -| 8/31/2022 | [Manage devices with Microsoft Intune](/education/windows/tutorial-school-deployment/manage-overview) | added | -| 8/31/2022 | [Management functionalities for Surface devices](/education/windows/tutorial-school-deployment/manage-surface-devices) | added | -| 8/31/2022 | [Reset and wipe Windows devices](/education/windows/tutorial-school-deployment/reset-wipe) | added | -| 8/31/2022 | [Set up Azure Active Directory](/education/windows/tutorial-school-deployment/set-up-azure-ad) | added | -| 8/31/2022 | [Set up device management](/education/windows/tutorial-school-deployment/set-up-microsoft-intune) | added | -| 8/31/2022 | [Troubleshoot Windows devices](/education/windows/tutorial-school-deployment/troubleshoot-overview) | added | +| 12/13/2022 | [Configure Stickers for Windows 11 SE](/education/windows/edu-stickers) | modified | From 3c8bd553b303c3543c70162cff8254e1a4532144 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 19 Dec 2022 08:49:18 -0500 Subject: [PATCH 10/11] updates --- .../mdm/healthattestation-csp.md | 2 +- .../do/images/elixir_ux/readme-elixir-ux-files.md | 3 +-- windows/deployment/do/mcc-enterprise-appendix.md | 2 +- windows/deployment/do/mcc-enterprise-deploy.md | 2 +- .../deployment/do/mcc-enterprise-prerequisites.md | 2 +- .../do/mcc-enterprise-update-uninstall.md | 2 +- .../do/mcc-isp-cache-node-configuration.md | 5 +---- .../do/mcc-isp-create-provision-deploy.md | 5 +---- windows/deployment/do/mcc-isp-faq.yml | 8 ++------ windows/deployment/do/mcc-isp-signup.md | 3 +-- windows/deployment/do/mcc-isp-support.md | 3 +-- windows/deployment/do/mcc-isp-update.md | 3 +-- .../deployment/do/mcc-isp-verify-cache-node.md | 3 +-- windows/deployment/do/mcc-isp-vm-performance.md | 5 +---- .../do/waas-delivery-optimization-faq.yml | 12 ++---------- windows/deployment/windows-autopatch/index.yml | 1 + .../overview/windows-autopatch-faq.yml | 1 + .../hello-deployment-rdp-certs.md | 4 ++-- .../hello-for-business/hello-faq.yml | 1 - .../hello-for-business/index.yml | 1 - windows/security/index.yml | 1 - .../bitlocker/bitlocker-and-adds-faq.yml | 11 ++--------- ...itlocker-deployment-and-administration-faq.yml | 13 ++----------- .../bitlocker-frequently-asked-questions.yml | 12 ++---------- .../bitlocker/bitlocker-key-management-faq.yml | 11 ++--------- .../bitlocker/bitlocker-network-unlock-faq.yml | 5 ----- .../bitlocker-overview-and-requirements-faq.yml | 11 ++--------- .../bitlocker/bitlocker-security-faq.yml | 13 +++---------- .../bitlocker/bitlocker-to-go-faq.yml | 8 +------- .../bitlocker/bitlocker-upgrading-faq.yml | 13 +++---------- .../bitlocker-using-with-other-programs-faq.yml | 15 +++------------ .../auditing/advanced-security-auditing-faq.yml | 12 ++++-------- .../wdsc-account-protection.md | 14 ++------------ .../wdsc-app-browser-control.md | 13 ++----------- .../wdsc-customize-contact-information.md | 13 ++----------- .../wdsc-device-performance-health.md | 10 +--------- .../wdsc-device-security.md | 12 ++---------- .../wdsc-family-options.md | 13 ++----------- .../wdsc-firewall-network-protection.md | 10 +--------- .../wdsc-hide-notifications.md | 13 ++----------- .../windows-sandbox-architecture.md | 7 ++----- .../windows-sandbox-configure-using-wsb-file.md | 4 +--- .../windows-sandbox/windows-sandbox-overview.md | 6 ++---- 43 files changed, 64 insertions(+), 244 deletions(-) diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md index ef26f2ef61..63c5843f83 100644 --- a/windows/client-management/mdm/healthattestation-csp.md +++ b/windows/client-management/mdm/healthattestation-csp.md @@ -8,7 +8,7 @@ ms.topic: article ms.prod: windows-client ms.technology: itpro-manage author: vinaypamnani-msft -ms.date: +ms.date: 4/5/2022 --- # Device HealthAttestation CSP diff --git a/windows/deployment/do/images/elixir_ux/readme-elixir-ux-files.md b/windows/deployment/do/images/elixir_ux/readme-elixir-ux-files.md index 19f6591fde..5d80bf89fd 100644 --- a/windows/deployment/do/images/elixir_ux/readme-elixir-ux-files.md +++ b/windows/deployment/do/images/elixir_ux/readme-elixir-ux-files.md @@ -2,15 +2,14 @@ title: Don't Remove images under do/images/elixir_ux - used by Azure portal Diagnose/Solve feature UI manager: aaroncz description: Elixir images read me file -keywords: updates, downloads, network, bandwidth ms.prod: windows-client ms.mktglfcycl: deploy audience: itpro author: nidos -ms.localizationpriority: medium ms.author: nidos ms.topic: article ms.date: 12/31/2017 +ms.technology: itpro-updates --- # Read Me diff --git a/windows/deployment/do/mcc-enterprise-appendix.md b/windows/deployment/do/mcc-enterprise-appendix.md index cba66fa1b9..11915236a8 100644 --- a/windows/deployment/do/mcc-enterprise-appendix.md +++ b/windows/deployment/do/mcc-enterprise-appendix.md @@ -5,9 +5,9 @@ description: Appendix on Microsoft Connected Cache (MCC) for Enterprise and Educ ms.prod: windows-client author: amymzhou ms.author: amyzhou -ms.localizationpriority: medium ms.topic: article ms.date: 12/31/2017 +ms.technology: itpro-updates --- # Appendix diff --git a/windows/deployment/do/mcc-enterprise-deploy.md b/windows/deployment/do/mcc-enterprise-deploy.md index 38883390d1..c39e4b5a84 100644 --- a/windows/deployment/do/mcc-enterprise-deploy.md +++ b/windows/deployment/do/mcc-enterprise-deploy.md @@ -4,10 +4,10 @@ manager: dougeby description: How to deploy Microsoft Connected Cache (MCC) for Enterprise and Education cache node ms.prod: windows-client author: amymzhou -ms.localizationpriority: medium ms.author: amyzhou ms.topic: article ms.date: 12/31/2017 +ms.technology: itpro-updates --- # Deploying your cache node diff --git a/windows/deployment/do/mcc-enterprise-prerequisites.md b/windows/deployment/do/mcc-enterprise-prerequisites.md index 6689c75109..fac81254f0 100644 --- a/windows/deployment/do/mcc-enterprise-prerequisites.md +++ b/windows/deployment/do/mcc-enterprise-prerequisites.md @@ -4,10 +4,10 @@ manager: dougeby description: Overview of requirements for Microsoft Connected Cache (MCC) for Enterprise and Education. ms.prod: windows-client author: amymzhou -ms.localizationpriority: medium ms.author: amyzhou ms.topic: article ms.date: 12/31/2017 +ms.technology: itpro-updates --- # Requirements of Microsoft Connected Cache for Enterprise and Education (early preview) diff --git a/windows/deployment/do/mcc-enterprise-update-uninstall.md b/windows/deployment/do/mcc-enterprise-update-uninstall.md index 0027211ca3..83882c952c 100644 --- a/windows/deployment/do/mcc-enterprise-update-uninstall.md +++ b/windows/deployment/do/mcc-enterprise-update-uninstall.md @@ -4,10 +4,10 @@ manager: dougeby description: Details on updating or uninstalling Microsoft Connected Cache (MCC) for Enterprise and Education. ms.prod: windows-client author: amymzhou -ms.localizationpriority: medium ms.author: amyzhou ms.topic: article ms.date: 12/31/2017 +ms.technology: itpro-updates --- # Update or uninstall Microsoft Connected Cache for Enterprise and Education diff --git a/windows/deployment/do/mcc-isp-cache-node-configuration.md b/windows/deployment/do/mcc-isp-cache-node-configuration.md index b1100441f0..8d8bc76577 100644 --- a/windows/deployment/do/mcc-isp-cache-node-configuration.md +++ b/windows/deployment/do/mcc-isp-cache-node-configuration.md @@ -2,15 +2,12 @@ title: Cache node configuration manager: aaroncz description: Configuring a cache node on Azure portal -keywords: updates, downloads, network, bandwidth ms.prod: windows-client -ms.mktglfcycl: deploy -audience: itpro author: amyzhou -ms.localizationpriority: medium ms.author: amyzhou ms.topic: article ms.date: 12/31/2017 +ms.technology: itpro-updates --- # Cache node configuration diff --git a/windows/deployment/do/mcc-isp-create-provision-deploy.md b/windows/deployment/do/mcc-isp-create-provision-deploy.md index ca7cd23cf6..aa7180c750 100644 --- a/windows/deployment/do/mcc-isp-create-provision-deploy.md +++ b/windows/deployment/do/mcc-isp-create-provision-deploy.md @@ -2,15 +2,12 @@ title: Create, provision, and deploy the cache node in Azure portal manager: aaroncz description: Instructions for creating, provisioning, and deploying Microsoft Connected Cache for ISP on Azure portal -keywords: updates, downloads, network, bandwidth ms.prod: windows-client -ms.mktglfcycl: deploy -audience: itpro author: nidos -ms.localizationpriority: medium ms.author: nidos ms.topic: article ms.date: 12/31/2017 +ms.technology: itpro-updates --- # Create, Configure, provision, and deploy the cache node in Azure portal diff --git a/windows/deployment/do/mcc-isp-faq.yml b/windows/deployment/do/mcc-isp-faq.yml index a50448410d..9c4a778d6c 100644 --- a/windows/deployment/do/mcc-isp-faq.yml +++ b/windows/deployment/do/mcc-isp-faq.yml @@ -2,23 +2,19 @@ metadata: title: Microsoft Connected Cache Frequently Asked Questions description: The following article is a list of frequently asked questions for Microsoft Connected Cache. - ms.sitesec: library - ms.pagetype: security - ms.localizationpriority: medium author: amymzhou ms.author: amymzhou manager: aaroncz ms.collection: - - M365-security-compliance - highpri ms.topic: faq ms.date: 09/30/2022 ms.prod: windows-client + ms.technology: itpro-updates title: Microsoft Connected Cache Frequently Asked Questions summary: | **Applies to** - - Windows 10 - - Windows 11 + - Windows 10 and later sections: - name: Ignored diff --git a/windows/deployment/do/mcc-isp-signup.md b/windows/deployment/do/mcc-isp-signup.md index e1e0134c06..e53324e321 100644 --- a/windows/deployment/do/mcc-isp-signup.md +++ b/windows/deployment/do/mcc-isp-signup.md @@ -2,15 +2,14 @@ title: Operator sign up and service onboarding manager: aaroncz description: Service onboarding for Microsoft Connected Cache for ISP -keywords: updates, downloads, network, bandwidth ms.prod: windows-client ms.mktglfcycl: deploy audience: itpro author: nidos -ms.localizationpriority: medium ms.author: nidos ms.topic: article ms.date: 12/31/2017 +ms.technology: itpro-updates --- # Operator sign up and service onboarding for Microsoft Connected Cache diff --git a/windows/deployment/do/mcc-isp-support.md b/windows/deployment/do/mcc-isp-support.md index 31e3d1ae9b..a10e0f5a63 100644 --- a/windows/deployment/do/mcc-isp-support.md +++ b/windows/deployment/do/mcc-isp-support.md @@ -2,14 +2,13 @@ title: Support and troubleshooting manager: aaroncz description: Troubleshooting issues for Microsoft Connected Cache for ISP -keywords: updates, downloads, network, bandwidth ms.prod: windows-client audience: itpro author: nidos -ms.localizationpriority: medium ms.author: nidos ms.topic: reference ms.date: 12/31/2017 +ms.technology: itpro-updates --- # Support and troubleshooting diff --git a/windows/deployment/do/mcc-isp-update.md b/windows/deployment/do/mcc-isp-update.md index 87ce60fb38..2e74cc5a44 100644 --- a/windows/deployment/do/mcc-isp-update.md +++ b/windows/deployment/do/mcc-isp-update.md @@ -2,15 +2,14 @@ title: Update or uninstall your cache node manager: aaroncz description: How to update or uninstall your cache node -keywords: updates, downloads, network, bandwidth ms.prod: windows-client ms.mktglfcycl: deploy audience: itpro author: amyzhou -ms.localizationpriority: medium ms.author: amyzhou ms.topic: article ms.date: 12/31/2017 +ms.technology: itpro-updates --- # Update or uninstall your cache node diff --git a/windows/deployment/do/mcc-isp-verify-cache-node.md b/windows/deployment/do/mcc-isp-verify-cache-node.md index 42bd92657e..da0003c24f 100644 --- a/windows/deployment/do/mcc-isp-verify-cache-node.md +++ b/windows/deployment/do/mcc-isp-verify-cache-node.md @@ -4,13 +4,12 @@ manager: aaroncz description: How to verify the functionality of a cache node keywords: updates, downloads, network, bandwidth ms.prod: windows-client -ms.mktglfcycl: deploy audience: itpro author: amyzhou -ms.localizationpriority: medium ms.author: amyzhou ms.topic: article ms.date: 12/31/2017 +ms.technology: itpro-updates --- # Verify cache node functionality and monitor health and performance diff --git a/windows/deployment/do/mcc-isp-vm-performance.md b/windows/deployment/do/mcc-isp-vm-performance.md index 0152161e0c..9316c9a5af 100644 --- a/windows/deployment/do/mcc-isp-vm-performance.md +++ b/windows/deployment/do/mcc-isp-vm-performance.md @@ -2,14 +2,11 @@ title: Enhancing VM performance manager: aaroncz description: How to enhance performance on a virtual machine used with Microsoft Connected Cache for ISPs -keywords: updates, downloads, network, bandwidth ms.prod: windows-client -ms.mktglfcycl: deploy -audience: itpro author: amyzhou -ms.localizationpriority: medium ms.author: amyzhou ms.topic: reference +ms.technology: itpro-updates ms.date: 12/31/2017 --- diff --git a/windows/deployment/do/waas-delivery-optimization-faq.yml b/windows/deployment/do/waas-delivery-optimization-faq.yml index 89d2d5567f..0827ee5979 100644 --- a/windows/deployment/do/waas-delivery-optimization-faq.yml +++ b/windows/deployment/do/waas-delivery-optimization-faq.yml @@ -2,28 +2,20 @@ metadata: title: Delivery Optimization Frequently Asked Questions description: The following is a list of frequently asked questions for Delivery Optimization. - ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: aaroncz ms.prod: windows-client - ms.mktglfcycl: explore - ms.sitesec: library - ms.pagetype: security - ms.localizationpriority: medium author: carmenf ms.author: carmenf manager: dougeby - audience: ITPro + ms.technology: itpro-updates ms.collection: - - M365-security-compliance - highpri ms.topic: faq ms.date: 08/04/2022 - ms.custom: seo-marvel-apr2020 title: Delivery Optimization Frequently Asked Questions summary: | **Applies to** - - Windows 10 - - Windows 11 + - Windows 10 and later sections: diff --git a/windows/deployment/windows-autopatch/index.yml b/windows/deployment/windows-autopatch/index.yml index fe94531f9b..1f245af013 100644 --- a/windows/deployment/windows-autopatch/index.yml +++ b/windows/deployment/windows-autopatch/index.yml @@ -13,6 +13,7 @@ metadata: ms.date: 05/30/2022 #Required; mm/dd/yyyy format. ms.custom: intro-hub-or-landing ms.prod: windows-client + ms.technology: itpro-updates ms.collection: - highpri diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml index 85717b347c..da940b07a4 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml @@ -11,6 +11,7 @@ metadata: author: tiaraquan ms.author: tiaraquan ms.reviwer: hathind + ms.technology: itpro-updates title: Frequently Asked Questions about Windows Autopatch summary: This article answers frequently asked questions about Windows Autopatch. sections: diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md index bdfbe3acf9..5fe62506a6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md @@ -11,9 +11,9 @@ appliesto: # Deploy certificates for remote desktop (RDP) sign-in -This document describes Windows Hello for Business functionalities or scenarios that apply to:\ +This document describes Windows Hello for Business functionalities or scenarios that apply to: - **Deployment type:** [!INCLUDE [hybrid](../../includes/hello-deployment-hybrid.md)] -- **Trust type:** [!INCLUDE [cloud-kerberos](../../includes/hello-trust-cloud-kerberos.md)],[!INCLUDE [key](../../includes/hello-trust-key.md)] +- **Trust type:** [!INCLUDE [cloud-kerberos](../../includes/hello-trust-cloud-kerberos.md)], [!INCLUDE [key](../../includes/hello-trust-key.md)] - **Join type:** [!INCLUDE [hello-join-aadj](../../includes/hello-join-aad.md)], [!INCLUDE [hello-join-hybrid](../../includes/hello-join-hybrid.md)] --- diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index f4456c7110..f3b9f0ad9a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -13,7 +13,6 @@ metadata: manager: aaroncz ms.reviewer: prsriva ms.collection: - - M365-identity-device-management - highpri ms.topic: faq localizationpriority: medium diff --git a/windows/security/identity-protection/hello-for-business/index.yml b/windows/security/identity-protection/hello-for-business/index.yml index 0f14b0a619..0c6b760604 100644 --- a/windows/security/identity-protection/hello-for-business/index.yml +++ b/windows/security/identity-protection/hello-for-business/index.yml @@ -15,7 +15,6 @@ metadata: ms.reviewer: prsriva ms.date: 01/22/2021 ms.collection: - - M365-identity-device-management - highpri # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | whats-new diff --git a/windows/security/index.yml b/windows/security/index.yml index 57d27d3093..c78dd3fa5b 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -10,7 +10,6 @@ metadata: ms.prod: windows-client ms.technology: itpro-security ms.collection: - - m365-security-compliance - highpri ms.custom: intro-hub-or-landing author: paolomatarazzo diff --git a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.yml index df826bda53..b917a468f8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.yml @@ -2,19 +2,13 @@ metadata: title: BitLocker and Active Directory Domain Services (AD DS) FAQ (Windows 10) description: Learn more about how BitLocker and Active Directory Domain Services (AD DS) can work together to keep devices secure. - ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.prod: windows-client ms.technology: itpro-security - ms.mktglfcycl: explore - ms.sitesec: library - ms.pagetype: security - ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz audience: ITPro ms.collection: - - M365-security-compliance - highpri ms.topic: faq ms.date: 11/08/2022 @@ -22,9 +16,8 @@ metadata: title: BitLocker and Active Directory Domain Services (AD DS) FAQ summary: | **Applies to:** - - Windows 10 - - Windows 11 - - Windows Server 2016 and above + - Windows 10 and later + - Windows Server 2016 and later diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml index 39701f8123..dbea4c718a 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml @@ -2,28 +2,19 @@ metadata: title: BitLocker deployment and administration FAQ (Windows 10) description: Browse frequently asked questions about BitLocker deployment and administration, such as, "Can BitLocker deployment be automated in an enterprise environment?" - ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee - ms.reviewer: ms.prod: windows-client ms.technology: itpro-security - ms.mktglfcycl: explore - ms.sitesec: library - ms.pagetype: security - ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz - audience: ITPro - ms.collection: M365-security-compliance ms.topic: faq ms.date: 11/08/2022 ms.custom: bitlocker title: BitLocker frequently asked questions (FAQ) summary: | **Applies to:** - - Windows 10 - - Windows 11 - - Windows Server 2016 and above + - Windows 10 and later + - Windows Server 2016 and later sections: diff --git a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.yml b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.yml index 46ab64d09d..24016c5ca6 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.yml @@ -2,20 +2,13 @@ metadata: title: BitLocker FAQ (Windows 10) description: Find the answers you need by exploring this brief hub page listing FAQ pages for various aspects of BitLocker. - ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee - ms.reviewer: ms.prod: windows-client ms.technology: itpro-security - ms.mktglfcycl: explore - ms.sitesec: library - ms.pagetype: security - ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz audience: ITPro ms.collection: - - M365-security-compliance - highpri ms.topic: faq ms.date: 11/08/2022 @@ -23,9 +16,8 @@ metadata: title: BitLocker frequently asked questions (FAQ) resources summary: | **Applies to:** - - Windows 10 - - Windows 11 - - Windows Server 2016 and above + - Windows 10 and later + - Windows Server 2016 and later This article links to frequently asked questions about BitLocker. BitLocker is a data protection feature that encrypts drives on computers to help prevent data theft or exposure. BitLocker-protected computers can also delete data more securely when they're decommissioned because it's much more difficult to recover deleted data from an encrypted drive than from a non-encrypted drive. diff --git a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.yml index b7aa1ae889..ad23cc6714 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.yml @@ -2,27 +2,20 @@ metadata: title: BitLocker Key Management FAQ (Windows 10) description: Browse frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. - ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.prod: windows-client ms.technology: itpro-security - ms.mktglfcycl: explore - ms.sitesec: library - ms.pagetype: security - ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz audience: ITPro - ms.collection: M365-security-compliance ms.topic: faq ms.date: 11/08/2022 ms.custom: bitlocker title: BitLocker Key Management FAQ summary: | **Applies to:** - - Windows 10 - - Windows 11 - - Windows Server 2016 and above + - Windows 10 and later + - Windows Server 2016 and later sections: diff --git a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml index 7129c50889..9683743787 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml @@ -4,15 +4,10 @@ metadata: description: Familiarize yourself with BitLocker Network Unlock. Learn how it can make desktop and server management easier within domain environments. ms.prod: windows-client ms.technology: itpro-security - ms.mktglfcycl: explore - ms.sitesec: library - ms.pagetype: security - ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz audience: ITPro - ms.collection: M365-security-compliance ms.topic: faq ms.date: 11/08/2022 ms.reviewer: diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml index c8bea939c1..8398ff5cb5 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml @@ -2,19 +2,13 @@ metadata: title: BitLocker overview and requirements FAQ (Windows 10) description: This article for IT professionals answers frequently asked questions concerning the requirements to use BitLocker. - ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.prod: windows-client ms.technology: itpro-security - ms.mktglfcycl: explore - ms.sitesec: library - ms.pagetype: security - ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz audience: ITPro ms.collection: - - M365-security-compliance - highpri ms.topic: faq ms.date: 11/08/2022 @@ -22,9 +16,8 @@ metadata: title: BitLocker Overview and Requirements FAQ summary: | **Applies to:** - - Windows 10 - - Windows 11 - - Windows Server 2016 and above + - Windows 10 and later + - Windows Server 2016 and later sections: diff --git a/windows/security/information-protection/bitlocker/bitlocker-security-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-security-faq.yml index 04035cd1cb..8b53e2e639 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-security-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-security-faq.yml @@ -1,28 +1,21 @@ ### YamlMime:FAQ metadata: - title: BitLocker Security FAQ (Windows 10) + title: BitLocker Security FAQ description: Learn more about how BitLocker security works. Browse frequently asked questions, such as, "What form of encryption does BitLocker use?" - ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.prod: windows-client ms.technology: itpro-security - ms.mktglfcycl: explore - ms.sitesec: library - ms.pagetype: security - ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz audience: ITPro - ms.collection: M365-security-compliance ms.topic: faq ms.date: 11/08/2022 ms.custom: bitlocker title: BitLocker Security FAQ summary: | **Applies to:** - - Windows 10 - - Windows 11 - - Windows Server 2016 and above + - Windows 10 and later + - Windows Server 2016 and later diff --git a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.yml index 1ab54f3689..c780b6ee5a 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.yml @@ -1,19 +1,13 @@ ### YamlMime:FAQ metadata: - title: BitLocker To Go FAQ (Windows 10) + title: BitLocker To Go FAQ description: "Learn more about BitLocker To Go" - ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.prod: windows-client ms.technology: itpro-security ms.author: frankroj - ms.mktglfcycl: deploy - ms.sitesec: library - ms.pagetype: security - ms.localizationpriority: medium author: frankroj manager: aaroncz audience: ITPro - ms.collection: M365-security-compliance ms.topic: faq ms.date: 11/08/2022 ms.custom: bitlocker diff --git a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.yml index 2ab78a0734..13441d1f58 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.yml @@ -1,18 +1,12 @@ ### YamlMime:FAQ metadata: - title: BitLocker Upgrading FAQ (Windows 10) + title: BitLocker Upgrading FAQ description: Learn more about upgrading systems that have BitLocker enabled. Find frequently asked questions, such as, "Can I upgrade to Windows 10 with BitLocker enabled?" ms.prod: windows-client ms.technology: itpro-security - ms.mktglfcycl: explore - ms.sitesec: library - ms.pagetype: security - ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz - audience: ITPro - ms.collection: M365-security-compliance ms.topic: faq ms.date: 11/08/2022 ms.reviewer: @@ -20,9 +14,8 @@ metadata: title: BitLocker Upgrading FAQ summary: | **Applies to:** - - Windows 10 - - Windows 11 - - Windows Server 2016 and above + - Windows 10 and later + - Windows Server 2016 and later sections: diff --git a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml index 64f9160f29..4d0267a25a 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml @@ -1,28 +1,19 @@ ### YamlMime:FAQ metadata: - title: Using BitLocker with other programs FAQ (Windows 10) + title: Using BitLocker with other programs FAQ description: Learn how to integrate BitLocker with other software on a device. - ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.prod: windows-client ms.technology: itpro-security - ms.mktglfcycl: explore - ms.sitesec: library - ms.pagetype: security - ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz - audience: ITPro - ms.collection: M365-security-compliance ms.topic: faq ms.date: 11/08/2022 - ms.custom: bitlocker title: Using BitLocker with other programs FAQ summary: | **Applies to:** - - Windows 10 - - Windows 11 - - Windows Server 2016 and above + - Windows 10 and later + - Windows Server 2016 and later sections: diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml index edae4a8bb0..e2bee39f4e 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml @@ -1,19 +1,15 @@ ### YamlMime:FAQ metadata: - title: Advanced security auditing FAQ (Windows 10) + title: Advanced security auditing FAQ description: This article lists common questions and answers about understanding, deploying, and managing security audit policies. ms.prod: windows-client - ms.technology: mde - ms.localizationpriority: none - author: dansimp - ms.author: dansimp + author: vinaypamnani-msft + ms.author: vinpa manager: aaroncz - ms.reviewer: - ms.collection: M365-security-compliance ms.topic: faq ms.date: 05/24/2022 + ms.technology: itpro-security -title: Advanced security auditing FAQ summary: This article for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies. diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md index 126e20866c..b85fb0dfe8 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md @@ -1,18 +1,10 @@ --- title: Account protection in the Windows Security app description: Use the Account protection section to manage security for your account and sign in to Microsoft. -keywords: account protection, wdav, smartscreen, antivirus, wdsc, exploit, protection, hide, Windows Defender SmartScreen, SmartScreen Filter, Windows SmartScreen -search.product: eADQiWindows 10XVcnh ms.prod: windows-client -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium author: vinaypamnani-msft ms.author: vinpa -ms.date: -ms.reviewer: -manager: aaroncz +ms.date: 12/31/2018 ms.technology: itpro-security ms.topic: article --- @@ -22,8 +14,7 @@ ms.topic: article **Applies to** -- Windows 10 -- Windows 11 +- Windows 10 and later The **Account protection** section contains information and settings for account protection and sign-in. You can get more information about these capabilities from the following list: @@ -33,7 +24,6 @@ The **Account protection** section contains information and settings for account You can also choose to hide the section from users of the device. This is useful if you don't want your employees to access or view user-configured options for these features. - ## Hide the Account protection section You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of the Windows Security app, and its icon won't be shown on the navigation bar on the side of the app. diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md index 9677bca821..817ff1949e 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md @@ -1,18 +1,10 @@ --- title: App & browser control in the Windows Security app description: Use the App & browser control section to see and configure Windows Defender SmartScreen and Exploit protection settings. -keywords: wdav, smartscreen, antivirus, wdsc, exploit, protection, hide -search.product: eADQiWindows 10XVcnh ms.prod: windows-client -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -audience: ITPro author: vinaypamnani-msft ms.author: vinpa -ms.date: -ms.reviewer: +ms.date: 12/31/2018 manager: aaroncz ms.technology: itpro-security ms.topic: article @@ -22,8 +14,7 @@ ms.topic: article **Applies to** -- Windows 10 -- Windows 11 +- Windows 10 and later The **App and browser control** section contains information and settings for Windows Defender SmartScreen. IT administrators and IT pros can get configuration guidance from the [Windows Defender SmartScreen documentation library](/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview). diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md index 8ea1d79235..e7d38fb7de 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md @@ -1,18 +1,10 @@ --- title: Customize Windows Security contact information description: Provide information to your employees on how to contact your IT department when a security issue occurs -keywords: wdsc, security center, defender, notification, customize, contact, it department, help desk, call, help site -search.product: eADQiWindows 10XVcnh ms.prod: windows-client -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium author: vinaypamnani-msft ms.author: vinpa -ms.date: -ms.reviewer: -manager: aaroncz +ms.date: 12/31/2018 ms.technology: itpro-security ms.topic: article --- @@ -21,8 +13,7 @@ ms.topic: article **Applies to** -- Windows 10 -- Windows 11 +- Windows 10 and later You can add information about your organization in a contact card to the Windows Security app. You can include a link to a support site, a phone number for a help desk, and an email address for email-based support. diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md index a8bcd3c5fb..bfc66838f7 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md @@ -1,18 +1,10 @@ --- title: Device & performance health in the Windows Security app description: Use the Device & performance health section to see the status of the machine and note any storage, update, battery, driver, or hardware configuration issues -keywords: wdsc, windows update, storage, driver, device, installation, battery, health, status -search.product: eADQiWindows 10XVcnh +ms.date: 12/31/2018 ms.prod: windows-client -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium author: vinaypamnani-msft ms.author: vinpa -ms.date: -ms.reviewer: -manager: aaroncz ms.technology: itpro-security ms.topic: article --- diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md index 1a9e63b9b3..d56e6ecd4f 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md @@ -1,17 +1,10 @@ --- title: Device security in the Windows Security app description: Use the Device security section to manage security built into your device, including virtualization-based security. -keywords: device security, device guard, wdav, smartscreen, antivirus, wdsc, exploit, protection, hide -search.product: eADQiWindows 10XVcnh ms.prod: windows-client -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium author: vinaypamnani-msft ms.author: vinpa -ms.date: -ms.reviewer: +ms.date: 12/31/2018 manager: aaroncz ms.technology: itpro-security ms.topic: article @@ -21,8 +14,7 @@ ms.topic: article **Applies to** -- Windows 10 -- Windows 11 +- Windows 10 and later The **Device security** section contains information and settings for built-in device security. diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md index a6f50dbd95..f4a6bb11c6 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md @@ -1,18 +1,10 @@ --- title: Family options in the Windows Security app description: Learn how to hide the Family options section of Windows Security for enterprise environments. Family options aren't intended for business environments. -keywords: wdsc, family options, hide, suppress, remove, disable, uninstall, kids, parents, safety, parental, child, screen time -search.product: eADQiWindows 10XVcnh ms.prod: windows-client -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium author: vinaypamnani-msft ms.author: vinpa -ms.date: -ms.reviewer: -manager: aaroncz +ms.date: 12/31/2018 ms.technology: itpro-security ms.topic: article --- @@ -22,8 +14,7 @@ ms.topic: article **Applies to** -- Windows 10 -- Windows 11 +- Windows 10 and later The **Family options** section contains links to settings and further information for parents of a Windows 10 PC. It isn't intended for enterprise or business environments. diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md index fb61f9b4e1..1d0d162d10 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md @@ -1,17 +1,9 @@ --- title: Firewall and network protection in the Windows Security app description: Use the Firewall & network protection section to see the status of and make changes to firewalls and network connections for the machine. -keywords: wdsc, firewall, windows defender firewall, network, connections, domain, private network, publish network, allow firewall, firewall rule, block firewall -search.product: eADQiWindows 10XVcnh -ms.prod: windows-client -ms.mktglfcycl: manage -ms.sitesec: library -ms.localizationpriority: medium author: vinaypamnani-msft ms.author: vinpa -ms.date: -ms.reviewer: -manager: aaroncz +ms.date: 12/31/2018 ms.technology: itpro-security ms.topic: article --- diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md index 12d830380e..8ca7f8d1c1 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md @@ -1,18 +1,10 @@ --- title: Hide notifications from the Windows Security app description: Prevent Windows Security app notifications from appearing on user endpoints -keywords: defender, security center, app, notifications, av, alerts -search.product: eADQiWindows 10XVcnh ms.prod: windows-client -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium author: vinaypamnani-msft ms.author: vinpa -ms.date: -ms.reviewer: -manager: aaroncz +ms.date: 12/31/2018 ms.technology: itpro-security ms.topic: article --- @@ -21,8 +13,7 @@ ms.topic: article **Applies to** -- Windows 10 -- Windows 11 +- Windows 10 and later The Windows Security app is used by many Windows security features to provide notifications about the health and security of the machine. These include notifications about firewalls, antivirus products, Windows Defender SmartScreen, and others. diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md index 82a8b404e8..0dfbc42f89 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md @@ -5,17 +5,14 @@ ms.prod: windows-client author: vinaypamnani-msft ms.author: vinpa manager: aaroncz -ms.collection: ms.topic: article -ms.localizationpriority: -ms.date: -ms.reviewer: +ms.date: 6/30/2022 ms.technology: itpro-security --- # Windows Sandbox architecture -Windows Sandbox benefits from new container technology in Windows to achieve a combination of security, density, and performance that isn't available in traditional VMs. +Windows Sandbox benefits from new container technology in Windows to achieve a combination of security, density, and performance that isn't available in traditional VMs. ## Dynamically generated image diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md index 58fb302ed7..2b518a0153 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md @@ -8,9 +8,7 @@ manager: aaroncz ms.collection: - highpri ms.topic: article -ms.localizationpriority: medium -ms.date: -ms.reviewer: +ms.date: 6/30/2022 ms.technology: itpro-security --- diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md index 60ccff4e09..cbbc3389e5 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md @@ -8,13 +8,11 @@ manager: aaroncz ms.collection: - highpri ms.topic: article -ms.localizationpriority: -ms.date: -ms.reviewer: +ms.date: 6/30/2022 ms.technology: itpro-security --- -# Windows Sandbox +# Windows Sandbox Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains "sandboxed" and runs separately from the host machine. From 334077cd7053f17b9dd0aa723cb9bcab7781ccf7 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 19 Dec 2022 09:04:26 -0500 Subject: [PATCH 11/11] updates --- .../auditing/advanced-security-auditing-faq.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml index e2bee39f4e..9b46b2d3a3 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml @@ -10,6 +10,7 @@ metadata: ms.date: 05/24/2022 ms.technology: itpro-security +title: Advanced security auditing FAQ summary: This article for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies.